Farid Binbeshr, Lip Yee Por, Muhammad Imam, M.L. Mat Kiah, Mohammad Hammoudeh
Array, Volume 27, Article 100505, published 2025-09-01. DOI: 10.1016/j.array.2025.100505. https://www.sciencedirect.com/science/article/pii/S2590005625001328
Challenge-response PIN authentication system to withstand shoulder surfing and recording attacks
Personal Identification Number (PIN) authentication remains widely used despite its vulnerability to shoulder surfing and recording attacks, due to the repeated exposure of static PINs in traditional systems. To address this, we propose a novel visual challenge-response PIN authentication system that generates a one-time PIN (OTP) for each session using a lightweight addition modulo 10 operation. Unlike prior approaches, our system requires no extra hardware, completes authentication in a single round, and maintains compatibility with regular PIN entry. We evaluate two design variants, TablePIN and RegularPIN, in a controlled user study with 30 participants. The results show 100% resistance to shoulder surfing attacks and over 80% resistance to recording attacks for hard PINs, with usability metrics including average login times under 15 s and success rates above 90%. User feedback indicates a strong preference for using the system in high-security contexts. We also introduce a PIN strength checker, which complements the system by helping prevent the use of weak, easily guessable PINs. Overall, the proposed system achieves a strong balance between usability and enhanced security, making it a viable alternative to traditional PIN authentication methods.
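The challenge-response arithmetic the abstract describes, as an added example that is not the paper's code: the server issues one fresh digit per PIN position, the user enters (PIN digit + challenge digit) mod 10, and a response recorded in one session is rejected against the next session's challenge. The four-digit PIN length, the plain list-of-digits challenge format and the function names are assumptions; the paper's TablePIN and RegularPIN visual layouts are not modelled.

```python
import hmac
import secrets

PIN_LEN = 4  # assumed PIN length; the abstract does not fix one


def new_challenge(length=PIN_LEN):
    """Server side: one fresh, unpredictable digit per PIN position.
    The challenge is shown to the user and must be used at most once."""
    return [secrets.randbelow(10) for _ in range(length)]


def respond(pin, challenge):
    """User side: the one-time PIN is (pin digit + challenge digit) mod 10,
    computed position by position. Only this value is ever typed in."""
    if len(pin) != len(challenge):
        raise ValueError("PIN and challenge length mismatch")
    return "".join(str((int(p) + c) % 10) for p, c in zip(pin, challenge))


def verify(stored_pin, challenge, response):
    """Server side: recompute the expected one-time PIN for this session's
    challenge and compare in constant time so timing does not leak which
    digits matched."""
    expected = respond(stored_pin, challenge)
    return hmac.compare_digest(expected, response)


def replayed_response_accepted(pin, challenge_old, challenge_new):
    """Model a recording attack on the typed digits alone: the observer
    captured the response given to challenge_old and types it back when
    challenge_new is displayed. Returns True only if the server accepts it."""
    recorded = respond(pin, challenge_old)
    return verify(pin, challenge_new, recorded)


if __name__ == "__main__":
    pin = "4921"  # constructed sample PIN
    chal = new_challenge()
    otp = respond(pin, chal)
    print("challenge", chal, "one-time PIN", otp, "accepted:", verify(pin, chal, otp))
    # Typing the static PIN itself is rejected, which is the point of the scheme.
    print("static PIN accepted:", verify(pin, chal, pin))
```

This models only the arithmetic; the server must additionally discard each challenge after one use, since `replayed_response_accepted` shows that an identical challenge would accept the replayed response.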