论文信息 - A rotary PIN entry scheme resilient to shoulder-surfing

A rotary PIN entry scheme resilient to shoulder-surfing

The combination of tokens or cards and personal identification numbers (PINs) are widely used for authentication in many applications including automatic teller machines (ATMs) and point of sales (POSs). Recent security incidents have shown that criminals can get these authentication tokens or cards either by pickpocketing or through fake magnetic card readers. Furthermore, PINs may also be captured through shoulder-surfing or by the use of concealed miniature cameras. Upon obtaining both authentication factors, criminals can easily break into users' accounts which presents a high security risk. In this paper, we propose a new spinwheel-like PIN entry scheme which is resilient against shoulder-surfing attacks even if the shoulder-surfer can record the entire PIN entry procedure for one time with a video device. This scheme has two variants, both of which achieve a good balance between security and usability.

[1] Amr M. Youssef,et al. A PIN Entry Scheme Resistant to Recording-Based Shoulder-Surfing , 2009, 2009 Third International Conference on Emerging Security Information, Systems and Technologies.

[2] Maro G. Machizawa,et al. Neural activity predicts individual differences in visual working memory capacity , 2004, Nature.

[3] David A. Wagner,et al. Cryptanalysis of a Cognitive Authentication Scheme (Extended Abstract) , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[4] Volker Roth,et al. A PIN-entry method resilient against shoulder surfing , 2004, CCS '04.

[5] Daphna Weinshall,et al. Cognitive authentication schemes safe against spyware , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[6] Susan Wiedenbeck,et al. Design and evaluation of a shoulder-surfing resistant graphical password scheme , 2006, AVI '06.

[7] G. A. Miller. The magical number seven plus or minus two: some limits on our capacity for processing information. , 1956, Psychological review.

[8] G. A. Miller. THE PSYCHOLOGICAL REVIEW THE MAGICAL NUMBER SEVEN, PLUS OR MINUS TWO: SOME LIMITS ON OUR CAPACITY FOR PROCESSING INFORMATION 1 , 1956 .