Enhancing the Security of Personal Identification Numbers with Three-Dimensional Displays

Passwords and personal identification numbers (PINs) are convenient and ubiquitous, but they are quite vulnerable to attackers who stand near the user (“shoulder-surfers”). This problem may be partially resolved by changing the user interface, but previous solutions of this kind still give shoulder-surfing attackers a significant advantage over brute force search. This paper provides a novel solution based on three dimensions, particularly suitable for glasses-free three-dimensional (3D) displays found in many smartphones and handheld game consoles. A user at the “3D spot” may log in easily, while nearby shoulder-surfers gain no advantage. A detailed experimental usability analysis is performed to demonstrate the effectiveness of the proposed scheme in comparison to the existing methods.
