SteganoPIN

Two-Faced Human-Machine Interface for Practical Enforcement of PIN Entry Security

Taekyoung Kwon, Sarang Na

Research output: Contribution to journal, Article

6 Citations (Scopus)

Abstract

Users typically reuse the same personalized identification number (PIN) for multiple systems and in numerous sessions. Direct PIN entries are highly susceptible to shoulder-surfing attacks as attackers can effectively observe PIN entry with concealed cameras. Indirect PIN entry methods proposed as countermeasures are rarely deployed because they demand a heavier cognitive workload for users. To achieve security and usability, we present a practical indirect PIN entry method called SteganoPIN. The human-machine interface of SteganoPIN is two numeric keypads, one covered and the other open, designed to physically block shoulder-surfing attacks. After locating a long-term PIN in the more typical layout, through the covered permuted keypad, a user generates a one-time PIN that can safely be entered in plain view of attackers. Forty-eight participants were involved in investigating the PIN entry time and error rate of SteganoPIN. Our experimental manipulation used a within-subject factorial design with two independent variables: PIN entry system (standard PIN, SteganoPIN) and PIN type (system-chosen PIN, user-chosen PIN). The PIN entry time in SteganoPIN (5.4-5.7 s) was slower but acceptable, and the error rate (0-2.1%) was not significantly different from that of the standard PIN. SteganoPIN is resilient to camera-based shoulder-surfing attacks over multiple authentication sessions. It remains limited to PIN-based authentication.

Original language: English
Article number: 7167675
Pages (from-to): 143-150
Number of pages: 8
Journal: IEEE Transactions on Human-Machine Systems
Volume: 46
Issue number: 1
DOI: 10.1109/THMS.2015.2454498
Publication status: Published - 2016 Feb 1

Fingerprint

Computer keyboards
Authentication
Cameras

All Science Journal Classification (ASJC) codes

  • Human Factors and Ergonomics
  • Control and Systems Engineering
  • Signal Processing
  • Human-Computer Interaction
  • Computer Science Applications
  • Computer Networks and Communications
  • Artificial Intelligence

Cite this

@article{5f7d579bb03c4ca29cea42ead88b705d,
title = "SteganoPIN: Two-Faced Human-Machine Interface for Practical Enforcement of PIN Entry Security",
author = "Taekyoung Kwon and Sarang Na",
year = "2016",
month = "2",
day = "1",
doi = "10.1109/THMS.2015.2454498",
language = "English",
volume = "46",
pages = "143--150",
journal = "IEEE Transactions on Human-Machine Systems",
issn = "2168-2291",
publisher = "IEEE Systems, Man, and Cybernetics Society",
number = "1",

}

SteganoPIN: Two-Faced Human-Machine Interface for Practical Enforcement of PIN Entry Security. / Kwon, Taekyoung; Na, Sarang.

In: IEEE Transactions on Human-Machine Systems, Vol. 46, No. 1, 7167675, 01.02.2016, p. 143-150.
