Scrambling Keypad for Secure Pin Entry to Defeat Shoulder Surfing and Inference Attacks

Personal identification number (PIN) is a common user authentication method widely used especially for automated teller machines and point-of-sales devices. The user's PIN entry is susceptible to shoulder-surfing and inference attacks, where the attacker can obtain the PIN by looking over the user's shoulder. The conventional keypad with a fixed layout makes it easy for the attacker to infer the PIN entered by casual observation. This paper proposes a method of authentication to address these challenges. The paper develops a prototype numeric keypad with a layout akin to the conventional keypad, with the keys randomized for each PIN entry. The shuffle algorithm, Durstenfeld shuffle algorithm, is implemented in an application developed using JavaScript, which is a prototype-based object-oriented programming application that conforms to the ECMAScript specification. The prototype is implemented on three computing platforms for evaluation. The test proves the effectiveness of the system to mitigate shoulder-surfing and inference attacks.

Performance Evolution of Face and Speech Recognition system using DTCWT and MFCC Features

Every activity in day-to-day life is required the need of mechanized automation for ensuring the security. The biometrics security system provides the automatic recognition of human by overcoming the traditional recognition methods like Password, Personal Identification Number and ID cards etc. The face recognition is a wide research with many applications. In the proposed work face recognition is carried out using DTCWT (Dual Tree Complex Wavelet Transform) integrated with predominant QFT (Quick Fourier Transform) and speech recognition is carried out using MFCC (Mel Frequency Cepstral Coefficients) algorithm. The distance formula is used for matching the test features and database features of the face and speech images. Performance variables such as EER, FRR, FAR and TSR are evaluated for person recognition

Simple Screen Locking Method Using Randomly Generated Number Grid on Image

Smartphones have become part and parcel of our daily life. Due to the more and more advanced features incorporated, its role has extended beyond calls and text messages, and it has become a place where important personal information is being stored. Thus, it needs to be protected from unauthorised users, which is usually achieved by using screen locking. However, improved screen locking security often compromises other aspects, such as usability and cost. In this article, a new screen locking method (SyS) that is both simple, secure from shoulder surf and smudge attacks, and not expensive to implement is presented. It uses an image and a chosen number to create the screen locking code. Evaluation results show that the SyS screen lock method scores best in terms of usability and security compared to the other three common screen locking methods, namely personal identification number or PIN, password, and pattern. It also performs well theoretically when compared against existing screen locking methods that aim at defending against similar attacks.

An Improved Security Model for Nigerian Unstructured Supplementary Services Data Mobile Banking Platform

Unstructured Supplementary Services Data (USSD) is a menu driven, real time communication technology used for value added services. It is adopted by banks for financial transactions due to its ease of operation. However existing USSD are used by fraudster to commit identity theft through Subscriber Identification Module (SIM) swap, phone theft and kidnap, in other to access funds in the bank. One of the reasons this is made possible is because existing USSD platforms use Automated Teller Machine (ATM) Personal Identification Number (PIN) as second level authenticator and this compromises the ATM channel and violets one of the stated guidelines for USSD operation in Nigeria. More so, the PIN is entered bare on the platform and so can easily be stolen by shoulder surfing. Therefore, in this paper we developed and simulated an improved USSD security model for banking operations in Nigeria. The security of existing USSD platform was enhanced using answer to a secret question as another level of authentication. This was with the view to minimise identity theft. This secret question is registered in the bank during account opening for new customers while existing customers will have to update their details in the banks data base before registering for USSD services. This is done the same way customers verify their ATM PIN in the bank. Hence the answer is known by the customer alone. The model was implemented using php on XAMPP platform and simulated using hubtel USSD mocker. Results showed that security of the proposed system was enhanced through another level of authentication provided by the answer to the security question.

Smart Secured Wireless ATM using Finger Print Recognition

Automated Teller Machines (ATMs) have become an essential part of the individual’s daily routine as it is utilized to change one’s existing ATM Personal Identification Number (PIN), check one’s amount balance and its most important function is to extract one’s money. Nowadays, the culprits have the latest technologies at their disposal, which aids them, to easily hack into the secured systems of the banks and collect the confidential information of the clients such as their ATM PINs, Card Details, etc., To counter that, fingerprint sensing incorporated with One Time Passwords (OTPs) has been suggested, as it is globally accepted that the fingerprints of every person are unique and different, while OTPs don’t hold its value like ATM PINs. This research is based on using Python Graphical User Interface (GUI) as the ATM screen. The innovation in this study exists in two ways. The first one is that OTPs will be sent via Python Graphical User Interface (GUI), on the client’s registered email address also (along with the client’s recorded phone number), so that OTPs can still be accessed in case of Subscriber Identity Modules (SIMs) lost. The second one is that including a Uniform Resource Allocator (URL: www.msbank.co.in) for online enrollments of the clients and producing Application Program Interfaces (APIs). The main idea is to first check the client’s fingerprints and then to verify the OTPs from our Admin-Password Protected Mongo Database. The involved algorithm also maintains a check that the same email address cannot be utilized again for registration.

Behavioral Acoustic Emanations: Attack and Verification of PIN Entry Using Keypress Sounds

This paper explores the security vulnerability of Personal Identification Number (PIN) or numeric passwords. Entry Device (PEDs) that use small strings of data (PINs, keys or passwords) as means of verifying the legitimacy of a user. Today, PEDs are commonly used by personnel in different industrial and consumer electronic applications, such as entry at security checkpoints, ATMs and customer kiosks, etc. In this paper, we propose a side-channel attack on a 4–6 digit random PIN key, and a PIN key user verification method. The intervals between two keystrokes are extracted from the acoustic emanation and used as features to train machine-learning models. The attack model has a 60% chance to recover the PIN key. The verification model has an 88% accuracy on identifying the user. Our attack methods can perform key recovery by using the acoustic side-channel at low cost. As a countermeasure, our verification method can improve the security of PIN entry devices.