Secure bimodal PIN-entry method using audio signals

Abstract

A Personal Identification Number (PIN) is a multiple-digit sequence widely used for user authentication. It is desirable for a PIN-entry method to be secure against two main security threats, random guessing attacks and recording attacks. Although there have been many proposals for challenge-response-based PIN-entry methods, it is well known that the only way to prevent both attacks is to physically prevent attackers from observing the challenge-response pairs, which motivates the development of PIN-entry methods that use secure secondary channels such as audio signals. To provide a guideline for designing an audio-based PIN-entry method, we propose a simple framework to transform a non-audio-based method into an audio-based one. We also present a new PIN-entry method that improves the performance of this simple transformation. Most audio-based methods in the literature are unimodal methods, that is, they transmit almost all required information through an audio channel because it was believed that this approach maximized the user's performance. In this paper, however, we show that a carefully designed bimodal system may be more usable than a unimodal one. We present a new PIN-entry method whose audio channel only transmits the minimal required data while most of the challenge information is transmitted through the efficient visual channel. Our user study shows that the PIN-entry time of the proposed method is shorter than those of the previous audio-based methods, while its error rate is kept as low as that of the previous methods.