DragPIN: A Secured PIN Entry Scheme to Avert Attacks
Rajarajan Srinivasan
School of Computing, SASTRA University, India
Abstract:
Personal Identification Numbers (PINs) are widely used for authenticating users
for financial transactions. PIN numbers are entered at Automatic Teller Machines
(ATMs), for card payments at Point of Sale (POS) counters and for e-banking
services. When PIN numbers are keyed in by users, they are vulnerable to
shoulder surfing and keylogging attacks. Entering PIN numbers through virtual
keyboards mitigates keylogging attacks, but it elevates the risk of
shoulder surfing. A number of shoulder-surfing-resistant keyboard schemes have
been proposed, but many of them offer inadequate security and poor
usability. They also demand substantial user intelligence, training, user
memory and additional devices for entering the PIN numbers. Keeping in mind
that securing PIN numbers should not come at the cost of user convenience,
a new scheme based on key sliding is proposed in this paper. Two variations of
the scheme are presented. They are based on manual and automatic sliding of
keys and indirect user entry of PIN numbers. Our proposed schemes are simple
and easy to adopt. They are sufficiently strong against attacks. Our
extensive analysis and user study of the schemes have proved their security and
usability.
Keywords: PIN, shoulder surfing, keylogging, virtual keyboard, user authentication,
e-banking, man-in-the-middle attacks.