http://dx.doi.org/10.6109/jicce.2017.15.2.91

Hidden Indicator Based PIN-Entry Method Using Audio Signals  

Seo, Hwajeong (Department of IT Convergence Engineering, Hansung University)
Kim, Howon (Department of Computer Engineering, Pusan National University)
Abstract
PIN-entry interfaces carry a high risk of leaking secret values when attackers perform shoulder-surfing attacks with advanced monitoring and observation devices. To make PIN entry secure, many studies have considered invisible radio channels as a secure medium for delivering private information. However, these methods are also vulnerable if an adversary can find a hint of the secret values in the user's naïve gestures. In this paper, we revisit the state-of-the-art radio-channel-based bimodal PIN-entry method and analyze its information leakage by exploiting sight-tracking attacks. The proposed sight-tracking attack technique significantly reduces the original password complexity by 93.8% after post-processing. To keep the security level strong, we introduce an advanced bimodal PIN-entry technique. The new technique delivers the secret indicator information through a secure radio channel, and the smartphone screen displays only the multiple indicator options, without the corresponding numbers. Afterwards, the user selects the target value by following the circular layout. The method completely hides the password and is secure against advanced shoulder-surfing attacks.
Keywords
Personal identification number; Random guessing attack; Shoulder surfing attack; User authentication