Abstract
Users typically reuse the same personalized identification number (PIN) for multiple systems and in numerous sessions. Direct PIN entries are highly susceptible to shoulder-surfing attacks as attackers can effectively observe PIN entry with concealed cameras. Indirect PIN entry methods proposed as countermeasures are rarely deployed because they demand a heavier cognitive workload for users. To achieve security and usability, we present a practical indirect PIN entry method called SteganoPIN. The human-machine interface of SteganoPIN is two numeric keypads, one covered and the other open, designed to physically block shoulder-surfing attacks. After locating a long-Term PIN in the more typical layout, through the covered permuted keypad, a user generates a one-Time PIN that can safely be entered in plain view of attackers. Forty-eight participants were involved in investigating the PIN entry time and error rate of SteganoPIN. Our experimental manipulation used a within-subject factorial design with two independent variables: PIN entry system (standard PIN, SteganoPIN) and PIN type (system-chosen PIN, user-chosen PIN). The PIN entry time in SteganoPIN (5.4-5.7 s) was slower but acceptable, and the error rate (0-2.1%) was not significantly different from that of the standard PIN. SteganoPIN is resilient to camera-based shoulder-surfing attacks over multiple authentication sessions. It remains limited to PIN-based authentication.
| Original language | English |
|---|---|
| Article number | 7167675 |
| Pages (from-to) | 143-150 |
| Number of pages | 8 |
| Journal | IEEE Transactions on Human-Machine Systems |
| Volume | 46 |
| Issue number | 1 |
| DOIs | |
| Publication status | Published - 2016 Feb 1 |
Fingerprint
All Science Journal Classification (ASJC) codes
- Human Factors and Ergonomics
- Control and Systems Engineering
- Signal Processing
- Human-Computer Interaction
- Computer Science Applications
- Computer Networks and Communications
- Artificial Intelligence
Cite this
}
SteganoPIN : Two-Faced Human-Machine Interface for Practical Enforcement of PIN Entry Security. / Kwon, Taekyoung; Na, Sarang.
In: IEEE Transactions on Human-Machine Systems, Vol. 46, No. 1, 7167675, 01.02.2016, p. 143-150.Research output: Contribution to journal › Article
TY - JOUR
T1 - SteganoPIN
T2 - Two-Faced Human-Machine Interface for Practical Enforcement of PIN Entry Security
AU - Kwon, Taekyoung
AU - Na, Sarang
PY - 2016/2/1
Y1 - 2016/2/1
N2 - Users typically reuse the same personalized identification number (PIN) for multiple systems and in numerous sessions. Direct PIN entries are highly susceptible to shoulder-surfing attacks as attackers can effectively observe PIN entry with concealed cameras. Indirect PIN entry methods proposed as countermeasures are rarely deployed because they demand a heavier cognitive workload for users. To achieve security and usability, we present a practical indirect PIN entry method called SteganoPIN. The human-machine interface of SteganoPIN is two numeric keypads, one covered and the other open, designed to physically block shoulder-surfing attacks. After locating a long-Term PIN in the more typical layout, through the covered permuted keypad, a user generates a one-Time PIN that can safely be entered in plain view of attackers. Forty-eight participants were involved in investigating the PIN entry time and error rate of SteganoPIN. Our experimental manipulation used a within-subject factorial design with two independent variables: PIN entry system (standard PIN, SteganoPIN) and PIN type (system-chosen PIN, user-chosen PIN). The PIN entry time in SteganoPIN (5.4-5.7 s) was slower but acceptable, and the error rate (0-2.1%) was not significantly different from that of the standard PIN. SteganoPIN is resilient to camera-based shoulder-surfing attacks over multiple authentication sessions. It remains limited to PIN-based authentication.
AB - Users typically reuse the same personalized identification number (PIN) for multiple systems and in numerous sessions. Direct PIN entries are highly susceptible to shoulder-surfing attacks as attackers can effectively observe PIN entry with concealed cameras. Indirect PIN entry methods proposed as countermeasures are rarely deployed because they demand a heavier cognitive workload for users. To achieve security and usability, we present a practical indirect PIN entry method called SteganoPIN. The human-machine interface of SteganoPIN is two numeric keypads, one covered and the other open, designed to physically block shoulder-surfing attacks. After locating a long-Term PIN in the more typical layout, through the covered permuted keypad, a user generates a one-Time PIN that can safely be entered in plain view of attackers. Forty-eight participants were involved in investigating the PIN entry time and error rate of SteganoPIN. Our experimental manipulation used a within-subject factorial design with two independent variables: PIN entry system (standard PIN, SteganoPIN) and PIN type (system-chosen PIN, user-chosen PIN). The PIN entry time in SteganoPIN (5.4-5.7 s) was slower but acceptable, and the error rate (0-2.1%) was not significantly different from that of the standard PIN. SteganoPIN is resilient to camera-based shoulder-surfing attacks over multiple authentication sessions. It remains limited to PIN-based authentication.
UR - http://www.scopus.com/inward/record.url?scp=84938490816&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84938490816&partnerID=8YFLogxK
U2 - 10.1109/THMS.2015.2454498
DO - 10.1109/THMS.2015.2454498
M3 - Article
VL - 46
SP - 143
EP - 150
JO - IEEE Transactions on Human-Machine Systems
JF - IEEE Transactions on Human-Machine Systems
SN - 2168-2291
IS - 1
M1 - 7167675
ER -