Scrambling Keypad for Secure Pin Entry to Defeat Shoulder Surfing and Inference Attacks

Author(s):  
Samuel Selassie Yakohene
Winfred Yaokumah
Ernest Barfo Boadi Gyebi

The personal identification number (PIN) is a common user authentication method, used especially at automated teller machines and point-of-sale devices. PIN entry is susceptible to shoulder-surfing and inference attacks, where the attacker obtains the PIN by looking over the user's shoulder. A conventional keypad with a fixed layout makes it easy for an attacker to infer the PIN by casual observation. This paper proposes an authentication method to address these challenges. It develops a prototype numeric keypad with a layout akin to the conventional keypad, but with the keys randomized for each PIN entry. The Durstenfeld shuffle algorithm is implemented in an application written in JavaScript, a prototype-based object-oriented programming language that conforms to the ECMAScript specification. The prototype is implemented on three computing platforms for evaluation. The test demonstrates the effectiveness of the system in mitigating shoulder-surfing and inference attacks.

The basic goal of information security is to protect the privacy, reliability, and availability of information on the devices that manipulate and store it. The fundamental step in protecting this information is user authentication. The most common authentication method on devices is the personal identification number (PIN), which is vulnerable to shoulder-surfing attacks, used by attackers especially in crowded public places. Several methods have been proposed to prevent shoulder surfing. This paper proposes a GazeTouchCrossPIN authentication method that overcomes the limitations found in earlier work: a multimodal authentication system that combines gaze-gesture and touch-PIN authentication. The results illustrate that the proposed GazeTouchCrossPIN method is more secure, as it decreases the shoulder-surfing rate in both side attacks and iterative attacks.


2019
Vol 5 (2)
pp. 19-28
Author(s):  
Mubarak Adetunji Ojewale
Patrick Meumeu Yomsi

One thing can be said to be common to all forms of debit card fraud: authentication bypass. This implies that a secure debit card transaction system can only be guaranteed by a safe and reliable authentication system. Many approaches have been adopted to ensure a secure authentication system, but often these approaches focus either on Automated Teller Machine (ATM)/Point of Sale (POS) terminals or on online/e-commerce transactions, and thus do not provide full security on both fronts. In this work, we address this problem by adopting a multi-factor debit card system that combines the traditional Personal Identification Number (PIN) with a One-Time Password (OTP) delivered to the user's mobile phone, plus a biometric authentication option (fingerprint). We demonstrate that this approach ensures the security of both online and terminal transactions. The fingerprint option makes the system easy to use for people who find memorizing PINs difficult.


Automated Teller Machines (ATMs) have become an essential part of the individual's daily routine: they are used to change one's existing ATM Personal Identification Number (PIN), check one's account balance and, most importantly, withdraw one's money. Nowadays, criminals have the latest technologies at their disposal, which help them hack into the secured systems of banks and collect confidential client information such as ATM PINs and card details. To counter this, fingerprint sensing combined with One Time Passwords (OTPs) has been suggested, since it is globally accepted that every person's fingerprints are unique, while OTPs, unlike ATM PINs, do not retain their value after use. This research uses a Python Graphical User Interface (GUI) as the ATM screen. The innovation in this study is twofold. First, OTPs are sent via the Python GUI to the client's registered email address as well as the client's recorded phone number, so that OTPs can still be accessed if the Subscriber Identity Module (SIM) is lost. Second, a Uniform Resource Locator (URL: www.msbank.co.in) is included for online enrollment of clients, and Application Program Interfaces (APIs) are produced. The main idea is to first check the client's fingerprints and then verify the OTPs against our admin-password-protected Mongo database. The algorithm also maintains a check that the same email address cannot be used again for registration.


1993
Vol 2 (4)
pp. 227-234
Author(s):  
Diane A. Verner
Gregory L. Heileman
Kent G. Budge
Allen C. Robinson

This article considers the development of a reusable object-oriented array library, as well as the use of this library in the construction of finite difference and finite element codes. The classes in this array library are also generic enough to be used to construct other classes specific to finite difference and finite element methods. We demonstrate the usefulness of this library by inserting it into two existing object-oriented scientific codes developed at Sandia National Laboratories. One of these codes is based on finite difference methods, whereas the other is based on finite element methods. Previously, these codes were separately maintained across a variety of sequential and parallel computing platforms. The use of object-oriented programming allows both codes to make use of common base classes. This offers a number of advantages related to optimization and portability. Optimization efforts, particularly important in large scientific codes, can be focused on a single library. Furthermore, by encapsulating machine dependencies within this library, the optimization of both codes on different architectures will only involve modification to a single library.


Author(s):  
Samera Uga Otor
Beatrice Obianiberi Akumba
Joseph Sunday Idikwu
Iorwuese Peter Achika

Unstructured Supplementary Service Data (USSD) is a menu-driven, real-time communication technology used for value-added services. It is adopted by banks for financial transactions due to its ease of operation. However, existing USSD platforms are used by fraudsters to commit identity theft through Subscriber Identification Module (SIM) swap, phone theft and kidnapping, in order to access funds in the bank. One reason this is possible is that existing USSD platforms use the Automated Teller Machine (ATM) Personal Identification Number (PIN) as the second-level authenticator; this compromises the ATM channel and violates one of the stated guidelines for USSD operation in Nigeria. Moreover, the PIN is entered in the clear on the platform and so can easily be stolen by shoulder surfing. Therefore, in this paper we developed and simulated an improved USSD security model for banking operations in Nigeria. The security of the existing USSD platform was enhanced by using the answer to a secret question as another level of authentication, with the aim of minimising identity theft. The secret question is registered at the bank during account opening for new customers, while existing customers must update their details in the bank's database before registering for USSD services. This is done the same way customers verify their ATM PIN at the bank, so the answer is known by the customer alone. The model was implemented in PHP on the XAMPP platform and simulated using the Hubtel USSD mocker. Results showed that the security of the proposed system was enhanced through the additional level of authentication provided by the answer to the security question.

