Fingereye: improvising security and optimizing ATM transaction time based on iris-scan authentication

The tumultuous increase in ATM attacks using eavesdropping, shoulder-surfing, has risen great concerns. Attackers often target the authentication stage where a customer may be entering his login information on the ATM and thus use direct observation techniques by looking over the customer's shoulder to steal his passwords. Existing authentication mechanism employs the traditional password-based authentication system which fails to curb these attacks. This paper addresses this problem using the FingerEye. The FingerEye is a robust system integrated with iris-scan authentication. A customer’s profile is created at registration where the pattern in his iris is analyzed and converted into binary codes. The binary codes are then stored in the bank database and are required for verification prior to any transaction. We leverage on the iris because every user has unique eyes which do not change until death and even a blind person with iris can be authenticated too. We implemented and tested the proposed system using CIMB bank, Malaysia as case study. The FingerEye is integrated with the current infrastructure employed by the bank and as such, no extra cost was incurred. Our result demonstrates that ATM attacks become impractical. Moreover, transactions were executed faster from 6.5 seconds to 1.4 seconds.

[1]  Shweta Sankhwar,et al.  A Safeguard against ATM Fraud , 2016, 2016 IEEE 6th International Conference on Advanced Computing (IACC).

[2]  Fiza Mughal,et al.  Graphical password: Shoulder-surfing resistant using falsification , 2015, 2015 9th Malaysian Software Engineering Conference (MySEC).

[3]  Ian Oakley,et al.  The secure haptic keypad: a tactile password system , 2010, CHI.

[4]  Atsushi Kanai,et al.  Personal authentication method against shoulder-surfing attacks for smartphone , 2017, 2017 IEEE International Conference on Consumer Electronics (ICCE).

[5]  Mun-Kyu Lee,et al.  Security Notions and Advanced Method for Human Shoulder-Surfing Resistant PIN-Entry , 2014, IEEE Transactions on Information Forensics and Security.

[6]  Jia Uddin,et al.  A New Approach of Iris Detection and Recognition , 2017 .

[7]  Taha H. Rassem,et al.  Face Recognition Using Completed Local Ternary Pattern (CLTP) Texture Descriptor , 2017 .

[8]  Ahmad Tasnim Siddiqui,et al.  Biometrics to Control ATM scams: A study , 2014, 2014 International Conference on Circuits, Power and Computing Technologies [ICCPCT-2014].

[9]  Toan Nguyen,et al.  IllusionPIN: Shoulder-Surfing Resistant Authentication Using Hybrid Images , 2017, IEEE Transactions on Information Forensics and Security.

[10]  Hung-Min Sun,et al.  A Shoulder Surfing Resistant Graphical Authentication System , 2018, IEEE Transactions on Dependable and Secure Computing.

[11]  Ian Oakley,et al.  The phone lock: audio and haptic shoulder-surfing resistant PIN entry methods for mobile devices , 2011, Tangible and Embedded Interaction.

[12]  Hee-Cheol Kim,et al.  Utilizing ECG Waveform Features as New Biometric Authentication Method , 2018 .

[13]  Nakinthorn Wongnarukane,et al.  The Security Challenges of the Rhythmprint Authentication , 2018 .

[14]  K. C. R. Nisha,et al.  Smart ATM surveillance system , 2016, 2016 International Conference on Circuit, Power and Computing Technologies (ICCPCT).

[15]  Uwe Aickelin,et al.  Against Spyware Using CAPTCHA in Graphical Password Scheme , 2010, 2010 24th IEEE International Conference on Advanced Information Networking and Applications.

[16]  Im Young Jung,et al.  An access control resistant to shoulder-surfing , 2015, 2015 IEEE International Conference on Intelligence and Security Informatics (ISI).

[17]  Azman Samsudin,et al.  Enhanced Security of Internet Banking Authentication with EXtended Honey Encryption (XHE) Scheme , 2018 .