Two-Thumbs-Up: Physical protection for PIN entry secure against recording attacks

We present a new Personal Identification Number (PIN) entry method for smartphones that can be used in security-critical applications, such as smartphone banking. The proposed “Two-Thumbs-Up” (TTU) scheme is resilient against observation attacks such as shoulder-surfing and camera recording, and gui...

Bibliographic details
Published in: Computers & security 2018-09, Vol.78, p.1-15
Main authors: Nyang, DaeHun, Kim, Hyoungshick, Lee, Woojoo, Kang, Sung-bae, Cho, Geumhwan, Lee, Mun-Kyu, Mohaisen, Aziz
Format: Article
Language: eng
Subjects:
Online access: Full text
container_end_page 15
container_issue
container_start_page 1
container_title Computers & security
container_volume 78
creator Nyang, DaeHun
Kim, Hyoungshick
Lee, Woojoo
Kang, Sung-bae
Cho, Geumhwan
Lee, Mun-Kyu
Mohaisen, Aziz
description We present a new Personal Identification Number (PIN) entry method for smartphones that can be used in security-critical applications, such as smartphone banking. The proposed “Two-Thumbs-Up” (TTU) scheme is resilient against observation attacks such as shoulder-surfing and camera recording, and guides users to protect their PIN information from eavesdropping by shielding the challenge area on the touch screen. To demonstrate the feasibility of TTU, we conducted a user study for TTU, and compared it with existing authentication methods (Normal PIN, Black and White PIN, and ColorPIN) in terms of usability and security. The study results demonstrate that TTU is more secure than other PIN entry methods in the presence of an observer recording multiple authentication sessions.
doi_str_mv 10.1016/j.cose.2018.05.012
format Article
fulltext fulltext
identifier ISSN: 0167-4048
ispartof Computers & security, 2018-09, Vol.78, p.1-15
issn 0167-4048
1872-6208
language eng
recordid cdi_proquest_journals_2131205231
source Elsevier ScienceDirect Journals
subjects Authentication
Authentication protocols
Eavesdropping
Feasibility studies
Mobile commerce
Personal Identification Number (PIN)
Personal identification numbers
Physical shielding
Recording
Recording attack
Shielding
Smartphone
Smartphones
Touch screens
User studies
title Two-Thumbs-Up: Physical protection for PIN entry secure against recording attacks
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-25T03%3A07%3A46IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Two-Thumbs-Up:%20Physical%20protection%20for%20PIN%20entry%20secure%20against%20recording%20attacks&rft.jtitle=Computers%20&%20security&rft.au=Nyang,%20DaeHun&rft.date=2018-09&rft.volume=78&rft.spage=1&rft.epage=15&rft.pages=1-15&rft.issn=0167-4048&rft.eissn=1872-6208&rft_id=info:doi/10.1016/j.cose.2018.05.012&rft_dat=%3Cproquest_cross%3E2131205231%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2131205231&rft_id=info:pmid/&rft_els_id=S0167404818305789&rfr_iscdi=true