http://dx.doi.org/10.9717/kmms.2020.23.6.738

Indirect PIN Entry Method for Mobile Banking Using Relative Location Information of Secret Code  

Choi, Dongmin (Div. of Undeclared Majors, Chosun University)
Abstract
In this paper, we propose an indirect PIN entry method that provides enhanced security against smudge, recording, and thermal attacks. Conventional mobile PIN entry methods use an on-screen numeric keypad for both display and entry. Thus, these methods are vulnerable to the aforementioned attacks. In our method, the passcode is the same as in conventional PIN entry methods, which is a user-friendly approach for mobile device users. Therefore, our method does not reduce user convenience, which is one of the advantages of the conventional methods. In addition, our method does not require directly touching the on-screen numeric keypad to enter the passcode, as conventional PIN methods do. Instead, it uses an indirect passcode entry method that applies a passcode-indicating key. According to the performance comparison results, the proposed method provides user convenience similar to the conventional methods, and also provides a higher level of security and safety against recording, smudge, and thermal attacks than the conventional methods.
Keywords
Indirect PIN Entry; Social Engineering; Arrow Key; Mobile Banking;