ABSTRACT
Automated teller machine (ATM) fraud is increasing drastically these days. When analyzing the most common attacks and the reasons for successful frauds, it becomes apparent that the main problem lies in PIN-based authentication, which in itself does not provide any security features (besides the use of asterisks). That is, security is solely based on a user's behavior. Indirect input is one way to solve this problem, but it mostly comes at the cost of adding overhead to the input process. We present ColorPIN, an authentication mechanism that uses indirect input to provide security-enhanced PIN entry. At the same time, ColorPIN retains a one-to-one relationship between the length of the PIN and the required number of clicks. A user study showed that ColorPIN is significantly more secure than standard PIN entry while enabling good authentication speed in comparison with related systems.