| Summary: | 碩士 === 國立臺中教育大學 === 資訊工程學系 === 105 === Common PIN-entry schemes are vulnerable to observation attacks, in which the adversary can obtain the user’s PIN by using shoulder-surfing attacks or camera recording attacks. Therefore, some observation attacks resistant PIN-entry schemes have been proposed. However, none of these observation attacks resistant PIN-entry schemes can achieve both sufficient security and high usability. To solve this problem, audios have been used by some observation attacks resistant PIN-entry schemes as secondary channels for sending secret information from the system to the user. In this thesis, we analyze the security and usability of three representative audio-based observation attacks resistant PIN-entry schemes for mobile devices, including Phone Lock, ColorLock, and LinA. However, as the user has to carry an earphone with him in existing audio-based observation attacks resistant PIN-entry schemes, the usability of existing audio-based observation attacks resistant PIN-entry schemes is not ideal. Thus, we propose a simple audio-based observation attacks resistant PIN-Entry scheme, Audio-PES (Audio PIN Entry Scheme), in which the device’s receiver is used by the system to covertly transmit secret information to the user at low volume so that earphones are not required. However, the usability of Audio-PES is still unsatisfactory for some high-efficiency applications. Thus, we propose another audio-based observation attacks resistant PIN-Entry scheme, O-Audio-PES (Overlapping Audio PIN Entry Scheme), in which earphones are also not required. By using the technique of overlapping the user’s responses, the login time can be reduced. On the other hand, in existing audio-based observation attacks resistant PIN-entry schemes, the transmission efficiency of secret information is insufficient. Therefore, we propose the third audio-based observation attacks resistant PIN-entry scheme, D-Audio-PES (Dual Tone Audio PIN Entry Scheme), in which earphones are also not required. By using the technology of dual tone, the usability can be improved. Finally, we compare the security and usability of the proposed three schemes and three existing representative schemes. The application developers can choose the audio-based observation attacks resistant PIN-entry scheme suitable for the application environments.
|
|---|
