The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
This paper presents a series of secure PIN/password input methods resistant to shoulder hacking. When a person enters a PIN or password on a smartphone, tablet, banking terminal, etc., there is a risk that the PIN or password will be stolen by shoulder hacking. To reduce this risk, we propose a method that erases the key-top labels, moves the keys smoothly and simultaneously, and lets the user touch the target key after they stop. The user only needs to trace a single key, but observers have to trace the movements of all the keys at the same time. We extend the method by assigning different colors, shapes, and/or sizes to the keys to improve distinguishability, which allows all the keys to be moved instantaneously after the key-top labels are erased and the user to touch the target key. We also introduce a "move backward/forward" function that allows the user to play back the movements. This series of methods does not have the highest security, but it is easy to use and does not require any changes on the server side. The results of a performance evaluation demonstrate that this method has high resistance to shoulder hacking while providing satisfactory usability without large input errors.
Kokoro KOBAYASHI
Tokyo University of Agriculture and Technology
Tsuyoshi OGUNI
NTT DATA
Masaki NAKAGAWA
Tokyo University of Agriculture and Technology
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Kokoro KOBAYASHI, Tsuyoshi OGUNI, Masaki NAKAGAWA, "A Series of PIN/Password Input Methods Resilient to Shoulder Hacking Based on Cognitive Difficulty of Tracing Multiple Key Movements" in IEICE TRANSACTIONS on Information,
vol. E103-D, no. 7, pp. 1623-1632, July 2020, doi: 10.1587/transinf.2019EDP7181.
Abstract: This paper presents a series of secure PIN/password input methods resilient to shoulder hacking. When a person inputs a PIN or password to a smartphone, tablet, banking terminal, etc., there is a risk of shoulder hacking of the PIN or the password being stolen. To decrease the risk, we propose a method that erases key-top labels, moves them smoothly and simultaneously, and lets the user touch the target key after they stopped. The user only needs to trace a single key, but peepers have to trace the movements of all the keys at the same time. We extend the method by assigning different colors, shapes, and/or sizes to keys for enhancing distinguishability, which allows all the keys to be moved instantaneously after key-top labels are erased and the user to touch the target key. We also introduce a “move backward/forward” function that allows the user to play back the movements. This series of methods does not have the highest security, but it is easy to use and does not require any changes to the server side. Results of a performance evaluation demonstrate that this method has high resistance to shoulder hacking while providing satisfactory usability without large input errors.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2019EDP7181/_p
@ARTICLE{e103-d_7_1623,
author={Kokoro KOBAYASHI and Tsuyoshi OGUNI and Masaki NAKAGAWA},
journal={IEICE TRANSACTIONS on Information},
title={A Series of PIN/Password Input Methods Resilient to Shoulder Hacking Based on Cognitive Difficulty of Tracing Multiple Key Movements},
year={2020},
volume={E103-D},
number={7},
pages={1623-1632},
abstract={This paper presents a series of secure PIN/password input methods resilient to shoulder hacking. When a person inputs a PIN or password to a smartphone, tablet, banking terminal, etc., there is a risk of shoulder hacking of the PIN or the password being stolen. To decrease the risk, we propose a method that erases key-top labels, moves them smoothly and simultaneously, and lets the user touch the target key after they stopped. The user only needs to trace a single key, but peepers have to trace the movements of all the keys at the same time. We extend the method by assigning different colors, shapes, and/or sizes to keys for enhancing distinguishability, which allows all the keys to be moved instantaneously after key-top labels are erased and the user to touch the target key. We also introduce a “move backward/forward” function that allows the user to play back the movements. This series of methods does not have the highest security, but it is easy to use and does not require any changes to the server side. Results of a performance evaluation demonstrate that this method has high resistance to shoulder hacking while providing satisfactory usability without large input errors.},
keywords={},
doi={10.1587/transinf.2019EDP7181},
ISSN={1745-1361},
month={July},}
TY - JOUR
TI - A Series of PIN/Password Input Methods Resilient to Shoulder Hacking Based on Cognitive Difficulty of Tracing Multiple Key Movements
T2 - IEICE TRANSACTIONS on Information
SP - 1623
EP - 1632
AU - Kokoro KOBAYASHI
AU - Tsuyoshi OGUNI
AU - Masaki NAKAGAWA
PY - 2020
DO - 10.1587/transinf.2019EDP7181
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E103-D
IS - 7
JA - IEICE TRANSACTIONS on Information
Y1 - July 2020
AB - This paper presents a series of secure PIN/password input methods resilient to shoulder hacking. When a person inputs a PIN or password to a smartphone, tablet, banking terminal, etc., there is a risk of shoulder hacking of the PIN or the password being stolen. To decrease the risk, we propose a method that erases key-top labels, moves them smoothly and simultaneously, and lets the user touch the target key after they stopped. The user only needs to trace a single key, but peepers have to trace the movements of all the keys at the same time. We extend the method by assigning different colors, shapes, and/or sizes to keys for enhancing distinguishability, which allows all the keys to be moved instantaneously after key-top labels are erased and the user to touch the target key. We also introduce a “move backward/forward” function that allows the user to play back the movements. This series of methods does not have the highest security, but it is easy to use and does not require any changes to the server side. Results of a performance evaluation demonstrate that this method has high resistance to shoulder hacking while providing satisfactory usability without large input errors.
ER -