A secure pin-entry method resistant to shoulder-surfing and recording attacks / Farid Binbeshr

Farid , Binbeshr (2022) A secure pin-entry method resistant to shoulder-surfing and recording attacks / Farid Binbeshr. PhD thesis, Universiti Malaya.

[img] PDF (The Candidate's Agreement)
Restricted to Repository staff only

Download (211Kb)
    [img] PDF (Thesis PhD)
    Download (2020Kb)

      Abstract

      The regular PIN-entry method has been considered the most common method of authentication for systems and networks. However, PINs are easy to be captured through shoulder-surfing and recording attacks. An adversary may shoulder surf the authentication session to obtain the PIN. He or she may use a video-recording device to record a user while performing authentication and later reproduce the PIN. It is also possible that the adversary might install spyware on the compromised device and capture the user input and screen content. This problem with the regular PIN-entry method could be attributed to the involuntary nature of entering the original PIN during authentication. A plethora of PIN-entry methods have been proposed in the literature to mitigate such attacks. They are categorised into direct input and indirect input methods according to the way of entering the original PIN. Unfortunately, these methods either provide no protection against shoulder-surfing and recording attacks (video-based and spyware-based) or hamper the PIN-entry method’s usability or compatibility. In this research, an indirect input method that employs the challenge-response approach is proposed in order to produce a One Time PIN (OTP) that obscures the original PIN. Three versions of the proposed PIN-entry method are designed. Two user studies were conducted; preliminary and primary. The preliminary user study was used to find the best version of the proposed PIN-entry method. The primary user study was used to evaluate the security and usability of the best version and compared it with the related work. The results of the user study manifest that the proposed PIN-entry method provides better security than the existing PIN-entry methods while maintaining an acceptable level of usability. Moreover, the user feedback fully supports the use of the proposed PIN-entry method in critical-security situations.

      Item Type: Thesis (PhD)
      Additional Information: Thesis (PhD) – Faculty of Computer Science & Information Technology, Universiti Malaya, 2022.
      Uncontrolled Keywords: PIN; Password; Authentication; Shoulder surfing; Recording attack
      Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
      Divisions: Faculty of Computer Science & Information Technology
      Depositing User: Mr Mohd Safri Tahir
      Date Deposited: 10 Nov 2024 06:23
      Last Modified: 10 Nov 2024 06:23
      URI: http://studentsrepo.um.edu.my/id/eprint/15111

      Actions (For repository staff only : Login required)

      View Item