PIN码认证方法的安全性分析与心理学研究

2018 12th International Conference on Research Challenges in Information Science (RCIS) Pub Date : 2018-05-29 DOI:10.1109/RCIS.2018.8406648

Xavier Bultel, Jannik Dreier, Matthieu Giraud, M. Izaute, Timothée Kheyrkhah, P. Lafourcade, Dounia Lakhzoum, Vincent Marlin, L. Moták

{"title":"PIN码认证方法的安全性分析与心理学研究","authors":"Xavier Bultel, Jannik Dreier, Matthieu Giraud, M. Izaute, Timothée Kheyrkhah, P. Lafourcade, Dounia Lakhzoum, Vincent Marlin, L. Moták","doi":"10.1109/RCIS.2018.8406648","DOIUrl":null,"url":null,"abstract":"Touch screens have become ubiquitous in the past few years, like for instance in smartphones and tablets. These devices are often the entry door to numerous information systems, hence having a secure and practical authentication mechanism is crucial. In this paper, we examine the complexity of different authentication methods specifically designed for such devices. We study the widely spread technology to authenticate a user using a Personal Identifier Number code (PIN code). Entering the code is a critical moment where there are several possibilities for an attacker to discover the secret. We consider the three attack models: a Bruteforce Attack (BA) model, a Smudge Attack (SA) model, and an Observation Attack (OA) model where the attacker sees the user logging in on his device. The aim of the intruder is to learn the secret code. Our goal is to propose alternative methods to enter a PIN code. We compare such different methods in terms of security. Some methods require more intentional resources than other, this is why we performed a psychological study on the different methods to evaluate the users' perception of the different methods and their usage.","PeriodicalId":408651,"journal":{"name":"2018 12th International Conference on Research Challenges in Information Science (RCIS)","volume":"85 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-05-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"13","resultStr":"{\"title\":\"Security analysis and psychological study of authentication methods with PIN codes\",\"authors\":\"Xavier Bultel, Jannik Dreier, Matthieu Giraud, M. Izaute, Timothée Kheyrkhah, P. Lafourcade, Dounia Lakhzoum, Vincent Marlin, L. Moták\",\"doi\":\"10.1109/RCIS.2018.8406648\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Touch screens have become ubiquitous in the past few years, like for instance in smartphones and tablets. These devices are often the entry door to numerous information systems, hence having a secure and practical authentication mechanism is crucial. In this paper, we examine the complexity of different authentication methods specifically designed for such devices. We study the widely spread technology to authenticate a user using a Personal Identifier Number code (PIN code). Entering the code is a critical moment where there are several possibilities for an attacker to discover the secret. We consider the three attack models: a Bruteforce Attack (BA) model, a Smudge Attack (SA) model, and an Observation Attack (OA) model where the attacker sees the user logging in on his device. The aim of the intruder is to learn the secret code. Our goal is to propose alternative methods to enter a PIN code. We compare such different methods in terms of security. Some methods require more intentional resources than other, this is why we performed a psychological study on the different methods to evaluate the users' perception of the different methods and their usage.\",\"PeriodicalId\":408651,\"journal\":{\"name\":\"2018 12th International Conference on Research Challenges in Information Science (RCIS)\",\"volume\":\"85 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-05-29\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"13\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 12th International Conference on Research Challenges in Information Science (RCIS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/RCIS.2018.8406648\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 12th International Conference on Research Challenges in Information Science (RCIS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/RCIS.2018.8406648","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 13

摘要

在过去的几年里，触摸屏已经变得无处不在，比如在智能手机和平板电脑上。这些设备通常是许多信息系统的入口，因此具有安全实用的身份验证机制至关重要。在本文中，我们研究了专门为此类设备设计的不同身份验证方法的复杂性。我们研究了使用个人识别码(PIN码)来验证用户身份的广泛传播的技术。输入代码是一个关键时刻，攻击者有多种可能发现这个秘密。我们考虑三种攻击模型:暴力攻击(BA)模型、涂抹攻击(SA)模型和观察攻击(OA)模型，攻击者看到用户登录到他的设备上。入侵者的目的是要知道密码。我们的目标是提出输入PIN码的替代方法。我们从安全性的角度对这些不同的方法进行比较。有些方法比其他方法需要更多的意向资源，这就是为什么我们对不同的方法进行了心理学研究，以评估用户对不同方法及其使用的感知。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Security analysis and psychological study of authentication methods with PIN codes

Touch screens have become ubiquitous in the past few years, like for instance in smartphones and tablets. These devices are often the entry door to numerous information systems, hence having a secure and practical authentication mechanism is crucial. In this paper, we examine the complexity of different authentication methods specifically designed for such devices. We study the widely spread technology to authenticate a user using a Personal Identifier Number code (PIN code). Entering the code is a critical moment where there are several possibilities for an attacker to discover the secret. We consider the three attack models: a Bruteforce Attack (BA) model, a Smudge Attack (SA) model, and an Observation Attack (OA) model where the attacker sees the user logging in on his device. The aim of the intruder is to learn the secret code. Our goal is to propose alternative methods to enter a PIN code. We compare such different methods in terms of security. Some methods require more intentional resources than other, this is why we performed a psychological study on the different methods to evaluate the users' perception of the different methods and their usage.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2018 12th International Conference on Research Challenges in Information Science (RCIS)

自引率

0.00%

发文量