DragPIN: A Secured PIN Entry Scheme to Avert Attacks

Rajarajan Srinivasan

 School of Computing, SASTRA University, India

Abstract: Personal Identification Numbers (PINs) are widely used to authenticate users for financial transactions. PINs are entered at Automatic Teller Machines (ATMs), for card payments at Point of Sale (POS) counters and for e-banking services. When PINs are keyed in by users, they are vulnerable to shoulder surfing and keylogging attacks. Entering PINs through virtual keyboards mitigates keylogging attacks, but it elevates the risk of shoulder surfing. A number of shoulder-surfing-resistant keyboard schemes have been proposed, but many of them offer inadequate security and poor usability. They also demand substantial user intelligence, training, user memory and additional devices for entering the PIN. Keeping in mind that securing the PIN should not come at the cost of user inconvenience, a new scheme based on key sliding is proposed in this paper. Two variations of the scheme are presented. They are based on manual and automatic sliding of keys and indirect user entry of PINs. Our proposed schemes are simple and easy to adopt. They are sufficiently strong against attacks. Our extensive analysis and user study of the schemes have proved their security and usability.

Keywords: PIN, shoulder surfing, keylogging, virtual keyboard, user authentication, e-banking, man-in-the-middle attacks.

Received September 24, 2014; accepted August 12, 2015
