A Secure Pin Authentication Method against Shoulder Surfing Attacks

Users tend to reuse the same personal identification number (PIN) across multiple applications. Direct PIN entry is highly susceptible to shoulder-surfing attacks, because attackers can capture the user's PIN entry with the help of concealed cameras. Indirect PIN entry methods proposed as countermeasures are rarely deployed because they demand a heavier cognitive workload from users. To achieve fool-proof security and usability, a practical indirect PIN entry method called SteganoPIN is proposed. The human-machine interface of SteganoPIN comprises two numerical keypads, one shielded or hidden and the other exposed, designed specifically to physically protect against shoulder-surfing attacks. After locating a long-term PIN in the more usual layout, through the covered permuted keypad, a user generates a one-time password that can safely be entered in plain view of attackers. This enables the user to establish a secure transaction with the server from a mobile app that implements the SteganoPIN method using a multi-touch concept based on an independent variable PIN entry system (Standard PIN, SteganoPIN). The main objective of the project is to create an Android application for coping with shoulder-surfing attacks using the multi-touch concept in the SteganoPIN method. Authentication is confirmed only after the user PIN entered in the shuffled keypad matches that of the static keypad. Thus, this method allows the user to perform a safe banking transaction through the multi-touch SteganoPIN concept. When the user details are sent to the bank server, a unique MAC id is generated, which should match the user's PIN and MAC id registered in the bank. There are two keypads, static and challenged (or shuffled); the challenged keypad becomes visible only if the proximity sensor senses the user's cup-shaped hand gesture.
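The keypad mapping described above can be modelled in a few lines. This is an added example, not code from the paper or the Android project. It assumes the one-time password digit is the one shown on the shuffled keypad at the key position of the PIN digit in the regular layout, and that the regular key order is `1234567890`. The proximity sensor and the MAC id check are not modelled.

```python
import hmac
import secrets

REGULAR = "1234567890"  # assumed key order of the static keypad, row by row


def new_challenge():
    """Per-session permutation, shown only on the covered keypad."""
    keys = list(REGULAR)
    secrets.SystemRandom().shuffle(keys)
    return "".join(keys)


def derive_otp(pin, challenge):
    """User side: locate each PIN digit's key in the regular layout and read
    the digit printed on the same key of the shuffled keypad."""
    return "".join(challenge[REGULAR.index(d)] for d in pin)


def recover_pin(otp, challenge):
    """Server side: invert the session permutation to get the PIN the OTP encodes."""
    return "".join(REGULAR[challenge.index(d)] for d in otp)


def verify(otp, challenge, stored_pin):
    """Accept only an OTP that maps back to the stored PIN under this challenge."""
    if len(otp) != len(stored_pin) or not all(d in REGULAR for d in otp):
        return False
    return hmac.compare_digest(recover_pin(otp, challenge), stored_pin)


if __name__ == "__main__":
    pin = "2580"  # constructed sample PIN
    first = new_challenge()
    observed = derive_otp(pin, first)  # what a camera would record
    print("session 1:", first, observed, verify(observed, first, pin))
    # The recorded OTP is replayed against fresh challenges; it verifies
    # only if the new permutation happens to agree on all four PIN keys.
    for n in range(2, 5):
        ch = new_challenge()
        print("session", n, ch, "replay accepted:", verify(observed, ch, pin))
```

The observer sees only the one-time password, which is meaningful for a single permutation. The PIN itself never appears on the exposed keypad.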
