论文信息 - A PIN Entry Scheme Resistant to Recording-Based Shoulder-Surfing

A PIN Entry Scheme Resistant to Recording-Based Shoulder-Surfing

Two-factor authentication techniques using combination of magnetic cards and personal identification numbers (PINs) are widely used in many applications including automatic teller machines and point of sales. Similar to other valuable personal possessions, cards can be easily stolen by pickpockets. Furthermore, recent security reports show that magnetic cards can be easily duplicated using fake card readers and PINs can be obtained by shoulder surfing legitimate users' PIN entry processes. With this combination, criminals can easily break into users' accounts which represents a great threat. In this paper, we propose a new PIN entry scheme which is resistant against shoulder-surfing attacks conducted by shoulder-surfers with normal cognitive capabilities. Additionally, this scheme offers a relatively good level of security when the shoulder-surfer can record the entire login procedure for one or two times with a video device. Mathematical analysis of the proposed scheme is also presented.

Amr M. Youssef | Bo Zhu | Peipei Shi

[1] Volker Roth,et al. A PIN-entry method resilient against shoulder surfing , 2004, CCS '04.

[2] Daphna Weinshall,et al. Cognitive authentication schemes safe against spyware , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[3] G. A. Miller. The magical number seven plus or minus two: some limits on our capacity for processing information. , 1956, Psychological review.

[4] David A. Wagner,et al. Cryptanalysis of a Cognitive Authentication Scheme (Extended Abstract) , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[5] Susan Wiedenbeck,et al. Design and evaluation of a shoulder-surfing resistant graphical password scheme , 2006, AVI '06.

[6] G. A. Miller. THE PSYCHOLOGICAL REVIEW THE MAGICAL NUMBER SEVEN, PLUS OR MINUS TWO: SOME LIMITS ON OUR CAPACITY FOR PROCESSING INFORMATION 1 , 1956 .

[7] Tal Garfinkel,et al. Reducing shoulder-surfing by using gaze-based password entry , 2007, SOUPS '07.

[8] Maro G. Machizawa,et al. Neural activity predicts individual differences in visual working memory capacity , 2004, Nature.