Abstract

Users tend to reuse the same personal identification number (PIN) across multiple applications. Direct PIN entry is highly susceptible to shoulder-surfing attacks, since an attacker can capture a user's PIN entry with a concealed camera. Indirect PIN entry methods proposed as countermeasures are rarely deployed because they impose a heavier cognitive workload on users. To achieve fool-proof security and usability, a practical indirect PIN entry method called SteganoPIN is proposed. The human-machine interface of SteganoPIN comprises two numerical keypads, one shielded or hidden and the other exposed, designed specifically to physically thwart shoulder-surfing attacks. After locating a long-term PIN in the more usual layout, through the covered permuted keypad, a user generates a one-time password that can safely be entered in plain view of attackers. This enables the user to establish a secure transaction from a mobile app to the server by implementing the SteganoPIN method with a multi-touch concept based on an independent-variable PIN entry system (Standard PIN, SteganoPIN). The main objective of the project is to create an Android application that copes with shoulder-surfing attacks by using the multi-touch concept in the SteganoPIN method. Authentication is confirmed only after the user PIN entered in the shuffled keypad matches that of the static keypad. Thus, this method allows the user to perform a safe banking transaction through the multi-touch SteganoPIN concept. With this method, when the user details are sent to the bank server, a unique MAC ID is generated, which should match the user's PIN and MAC ID registered with the bank. There are two keypads, static and challenge (shuffled); the challenge keypad becomes visible only if the proximity sensor senses the user's cup-shaped hand gesture.
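The challenge-response mapping described in the abstract, as an added example that is not the project's own code. It assumes the standard layout order `1234567890` and that each one-time digit is the digit shown on the shuffled keypad at the position the PIN digit occupies on the standard layout; all function names and sample values are hypothetical.

```python
import hmac
import secrets

# Assumed key order of the exposed (static) keypad; the abstract does not give one.
STANDARD_LAYOUT = "1234567890"

def new_challenge_layout(rng=None):
    """Fresh random permutation of the ten digits for the hidden keypad."""
    keys = list(STANDARD_LAYOUT)
    (rng or secrets.SystemRandom()).shuffle(keys)
    return "".join(keys)

def derive_otp(pin, challenge):
    """User side: locate each PIN digit on the standard layout, then read the
    digit shown at the same position on the shuffled keypad."""
    return "".join(challenge[STANDARD_LAYOUT.index(d)] for d in pin)

def recover_pin(otp, challenge):
    """Server side: invert the permutation it issued for this session."""
    return "".join(STANDARD_LAYOUT[challenge.index(d)] for d in otp)

def verify(otp, challenge, registered_pin):
    """Accept only if the OTP maps back to the registered PIN under this challenge."""
    if len(otp) != len(registered_pin) or not set(otp) <= set(STANDARD_LAYOUT):
        return False  # reject malformed input before indexing
    return hmac.compare_digest(recover_pin(otp, challenge), registered_pin)

if __name__ == "__main__":
    pin = "2580"             # constructed sample PIN
    session1 = "7305918246"  # constructed challenge layouts
    session2 = "4681029357"
    otp = derive_otp(pin, session1)
    print("OTP typed in plain view:", otp)
    print("valid in session 1:", verify(otp, session1, pin))
    print("replayed in session 2:", verify(otp, session2, pin))
    print("random layout:", new_challenge_layout())
```

An observed one-time password is accepted in a later session only if that session's shuffled layout happens to place the same digits at the PIN's positions.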
