ABSTRACT
In this paper, we report our attempt to make a better form of personal identification number (PIN) authentication for mobile devices. We think that mobile users should be given a more secure alternative because PIN authentication has well-known flaws. However, proposed alternative schemes change the authentication method drastically, which may make mobile users uncomfortable. Our approach changes only the input operation of PIN authentication: using a multi-touch enabled screen, the user is allowed to enter more than one number at a time. We implemented a web-based prototype system and used it to conduct an informal user study. The results of the study indicate that the PIN input time, input errors and secret memorability of the proposed scheme were no worse than those of conventional PIN authentication. We also discuss the mathematical security level and other advantages of the scheme.
Index Terms
- Extended PIN Authentication Scheme Allowing Multi-Touch Key Input