Adapting User Interface Design to Mitigate Shoulder Surfing Attacks in USSD Channel

Binitie A. P., Babatunde J. O.
African Journal of Environment and Natural Science Research. Journal article, published 2024-01-24. DOI: https://doi.org/10.52589/ajensr-dpcgwn0x
Citations: 0

Abstract

The most widely accepted authentication method involves the use of a personal identification number (PIN). This method is used across many technologies, one of which is Unstructured Supplementary Service Data (USSD). USSD is a capability built into the Global System for Mobile Communication (GSM). In some developing countries like Nigeria, USSD is used to carry out financial transactions. It has been observed that while carrying out banking transactions using this technology, the user's PIN entered for authentication appears in plain text on the mobile interface, thereby exposing it to shoulder surfing attacks. Findings revealed that the user's PIN appears in plain text because USSD technology is designed to convey only textual data. This is one of the reasons why many existing authentication methods against human shoulder surfing attacks, which rely on features such as images, colors or graphical passwords to protect the user's PIN on the mobile interface, are not implemented on the USSD channel. This research therefore concerns the design of a new authentication method that can protect the user's PIN at the mobile interface of the USSD channel and secure the user's transactions against shoulder surfing attacks. In this method, the challenge-response approach is adopted to provide a secure PIN entry method in the presence of a human shoulder surfer, using a randomization obfuscation method that randomly places the user's chosen PIN within randomly generated 10-digit numbers, in left-to-right order. For further security, the designed model includes features such as Bag of Soft Biometrics (BoSB) details and a one-time password (OTP).