Observation Attacks Resistant PIN Authentication Schemes Based on Combinations of Visual-Audio-Haptic Interfaces

• Main Authors: LIN,CHANG-CHIH, 林昌志
• Other Authors: KU,WEI-CHI
• Format: Others
• Language: zh-TW
• Published: 2019
• Online Access: http://ndltd.ncl.edu.tw/handle/58mzm6

碩士 === 國立臺中教育大學 === 資訊工程學系 === 107 === Personal Identification Number (PIN) is a numeric password that can be used for user authentication. The major advantage of using PIN is low memory burden and low operation burden. In particular, PIN authentication usually will not cause the problems of privacy violation and non-replacement, which cannot be fully avoided in authentication methods based on biometrics. So far, PIN is still widely used in many application systems for authenticating users. However, since common PIN authentication schemes cannot resist observation attacks, in which the adversary can obtain the user’s PIN by using shoulder-surfing attacks and/or camera recording attacks, many observation attacks resistant PIN authentication schemes have been proposed. However, none of existing observation attacks resistant PIN authentication schemes can achieve both high security and good usability. To improve the resistance to observation attacks, we propose an earphones free audio based observation attacks resistant PIN authentication scheme — A-PAS, which uses a dual-tone mechanism to speed up the login process to improve usability, using mobile devices. Next, for environments with high security requirements, we propose another earphones free audio based observation attacks resistant PIN authentication scheme — A-PASPLUS, based on our improved dual-tone mechanism. Although the login time of A-PASPLUS may be slightly longer, its resistance to accidental login is strengthened. Furthermore, to reduce the user’s login time, we propose an earphones free visual-audio based observation attacks resistant PIN authentication scheme — VA-PAS, in which the mobile device’s receiver and touchscreen are used to speed up the user’s login process. However, VA-PAS is not suitable for noisy environments. Considering most current mobile devices provide multiple sensory interfaces and mechanisms, we propose an earphones free visual-audio-haptic based observation attacks resistant PIN authentication scheme — VAH-PAS, which uses the haptic feedback mechanism to reduce the possibility of leaking secret voice prompts in the situation that the mobile device’s receiver does not fit snugly to the user’s ear. Compared with VA-PAS, VAH-PAS is more suitable for noisy environments and for mild hearing-impaired users. Finally, we compare the proposed schemes with some existing representative observation attacks resistant PIN authentication schemes. The system designers and the users can choose the suitable observation attacks resistant PIN authentication schemes according to the security and usability requirements for their application environments.