Scrambling Keypad for Secure Pin Entry to Defeat Shoulder Surfing and Inference Attacks

Samuel Selassie Yakohene, Winfred Yaokumah, Ernest Barfo Boadi Gyebi
Copyright: © 2021 | Volume: 13 | Issue: 3 | Pages: 22
ISSN: 2643-7937 | EISSN: 2643-7945 | EISBN13: 9781799863960 | DOI: 10.4018/IJSPPC.2021070102
MLA

Yakohene, Samuel Selassie, et al. "Scrambling Keypad for Secure Pin Entry to Defeat Shoulder Surfing and Inference Attacks." IJSPPC vol.13, no.3 2021: pp.12-33. http://doi.org/10.4018/IJSPPC.2021070102

APA

Yakohene, S. S., Yaokumah, W., & Gyebi, E. B. (2021). Scrambling Keypad for Secure Pin Entry to Defeat Shoulder Surfing and Inference Attacks. International Journal of Security and Privacy in Pervasive Computing (IJSPPC), 13(3), 12-33. http://doi.org/10.4018/IJSPPC.2021070102

Chicago

Yakohene, Samuel Selassie, Winfred Yaokumah, and Ernest Barfo Boadi Gyebi. "Scrambling Keypad for Secure Pin Entry to Defeat Shoulder Surfing and Inference Attacks," International Journal of Security and Privacy in Pervasive Computing (IJSPPC) 13, no.3: 12-33. http://doi.org/10.4018/IJSPPC.2021070102

Abstract

A personal identification number (PIN) is a common user authentication method, widely used especially for automated teller machines and point-of-sale devices. PIN entry is susceptible to shoulder-surfing and inference attacks, in which the attacker obtains the PIN by looking over the user's shoulder. A conventional keypad with a fixed layout makes it easy for the attacker to infer the entered PIN by casual observation. This paper proposes an authentication method to address these challenges. It develops a prototype numeric keypad with a layout akin to the conventional keypad, but with the keys randomized for each PIN entry. The Durstenfeld shuffle algorithm is implemented in an application developed using JavaScript, a prototype-based object-oriented programming language that conforms to the ECMAScript specification. The prototype is implemented on three computing platforms for evaluation. The test proves the effectiveness of the system in mitigating shoulder-surfing and inference attacks.
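
The per-entry scrambling described in the abstract can be sketched as follows. This is an added example, not the authors' prototype code: the use of a CSPRNG with rejection sampling, the 4x3 grid with `Clear` and `Enter` keys, and all function names are assumptions.

```javascript
// Added example: per-entry keypad scrambling with a Durstenfeld shuffle.
// Web Crypto in browsers and recent Node; fall back to Node's built-in module.
const rng = globalThis.crypto ?? require('node:crypto').webcrypto;

// One byte from the CSPRNG.
function defaultRandomByte() {
  return rng.getRandomValues(new Uint8Array(1))[0];
}

// Uniform integer in [0, n) for n <= 256. Rejection sampling discards bytes
// that would make some results more likely than others (modulo bias).
function secureRandomBelow(n, randomByte = defaultRandomByte) {
  const limit = 256 - (256 % n); // largest multiple of n that fits in a byte
  let b;
  do { b = randomByte(); } while (b >= limit);
  return b % n;
}

// Durstenfeld shuffle: walk from the last index down, swapping each element
// with a uniformly chosen element at or before it. O(n), works on a copy.
function durstenfeldShuffle(items, randomBelow = secureRandomBelow) {
  const a = items.slice();
  for (let i = a.length - 1; i > 0; i--) {
    const j = randomBelow(i + 1);
    [a[i], a[j]] = [a[j], a[i]];
  }
  return a;
}

// Fresh 4x3 layout for one PIN entry: the ten digits are shuffled, while the
// two non-digit keys (labels are assumptions) stay in their usual corners.
function newKeypadLayout(randomBelow = secureRandomBelow) {
  const digits = ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9'];
  const d = durstenfeldShuffle(digits, randomBelow);
  return [d.slice(0, 3), d.slice(3, 6), d.slice(6, 9), ['Clear', d[9], 'Enter']];
}

// The PIN is recovered from the [row, col] positions pressed on this entry's
// layout, so observed finger positions alone do not map to digits.
function pinFromPresses(layout, presses) {
  return presses.map(([row, col]) => layout[row][col]).join('');
}
```

Call `newKeypadLayout()` once per PIN entry and discard the layout afterwards; reusing a layout across entries lets an observer correlate positions.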
