A secure pin-entry method resistant to shoulder-surfing and recording attacks / Farid Binbeshr
The regular PIN-entry method has been considered the most common method of authentication for systems and networks. However, PINs are easy to be captured through shoulder-surfing and recording attacks. An adversary may shoulder surf the authentication session to obtain the PIN. He or she may use...
Main Author: | |
---|---|
Format: | Thesis |
Published: | 2022 |
Subjects: | |
Online Access: | http://studentsrepo.um.edu.my/15111/1/Farid_Binbeshr.pdf http://studentsrepo.um.edu.my/15111/2/Farid_Binbeshr.pdf http://studentsrepo.um.edu.my/15111/ |
id |
my.um.stud.15111 |
---|---|
record_format |
eprints |
spelling |
my.um.stud.15111 2024-11-09T22:23:32Z A secure pin-entry method resistant to shoulder-surfing and recording attacks / Farid Binbeshr. Farid , Binbeshr. QA75 Electronic computers. Computer science. 2022-09. Thesis. NonPeerReviewed. application/pdf http://studentsrepo.um.edu.my/15111/1/Farid_Binbeshr.pdf application/pdf http://studentsrepo.um.edu.my/15111/2/Farid_Binbeshr.pdf Farid , Binbeshr (2022) A secure pin-entry method resistant to shoulder-surfing and recording attacks / Farid Binbeshr. PhD thesis, Universiti Malaya. http://studentsrepo.um.edu.my/15111/ |
institution |
Universiti Malaya |
building |
UM Library |
collection |
Institutional Repository |
continent |
Asia |
country |
Malaysia |
content_provider |
Universiti Malaya |
content_source |
UM Student Repository |
url_provider |
http://studentsrepo.um.edu.my/ |
topic |
QA75 Electronic computers. Computer science |
description |
The regular PIN-entry method has been considered the most common method of authentication
for systems and networks. However, PINs are easily captured through
shoulder-surfing and recording attacks. An adversary may shoulder surf the authentication
session to obtain the PIN. He or she may use a video-recording device to record a user
while performing authentication and later reproduce the PIN. It is also possible that the
adversary might install spyware on the compromised device and capture the user input and
screen content. This problem with the regular PIN-entry method could be attributed to
the involuntary nature of entering the original PIN during authentication. A plethora of
PIN-entry methods have been proposed in the literature to mitigate such attacks. They
are categorised into direct input and indirect input methods according to the way of
entering the original PIN. Unfortunately, these methods either provide no protection against
shoulder-surfing and recording attacks (video-based and spyware-based) or hamper the
PIN-entry method’s usability or compatibility. In this research, an indirect input method
that employs the challenge-response approach is proposed in order to produce a One Time
PIN (OTP) that obscures the original PIN. Three versions of the proposed PIN-entry
method are designed. Two user studies were conducted: preliminary and primary. The
preliminary user study was used to find the best version of the proposed PIN-entry method.
The primary user study was used to evaluate the security and usability of the best version
and to compare it with the related work. The results of the user study show that the
proposed PIN-entry method provides better security than the existing PIN-entry methods
while maintaining an acceptable level of usability. Moreover, the user feedback fully supports the use of the proposed PIN-entry method in critical-security situations.
|
format |
Thesis |
author |
Farid , Binbeshr |
title |
A secure pin-entry method resistant to shoulder-surfing and recording attacks / Farid Binbeshr |
publishDate |
2022 |