
Hidden Indicator Based PIN-Entry Method Using Audio Signals

  • Seo, Hwajeong (Department of IT Convergence Engineering, Hansung University)
  • Kim, Howon (Department of Computer Engineering, Pusan National University)
  • Received : 2017.04.15
  • Accepted : 2017.06.19
  • Published : 2017.06.30

Abstract

PIN-entry interfaces are at high risk of leaking secret values when malicious attackers perform shoulder-surfing attacks with advanced monitoring and observation devices. To make PIN entry secure, many studies have considered invisible radio channels as a secure medium for delivering private information. However, these methods are also vulnerable if a malicious adversary can find a hint of the secret values in the user's naïve gestures. In this paper, we revisit the state-of-the-art radio channel based bimodal PIN-entry method and analyze the information leakage of the previous method by exploiting sight tracking attacks. The proposed sight tracking attack technique significantly reduces the original password complexity by 93.8% after post-processing. To keep the security level strong, we introduce an advanced bimodal PIN-entry technique. The new technique delivers the secret indicator information through a secure radio channel, and the smartphone screen displays only the multiple indicator options, without the corresponding numbers. The user then selects the target value by following the circular layout. The method completely hides the password and is secure against advanced shoulder-surfing attacks.

Cited by

  1. User Authentication Method Using Smartphone and Smartwatch vol.21, pp.11, 2017, https://doi.org/10.6109/jkiice.2017.21.11.2109