Analysis and Improvement on a Unimodal Haptic PIN-Entry Method

Mun Kyu Lee; Jin Yoo; Hyeonjin Nam

doi:10.1155/2017/6047312

Analysis and Improvement on a Unimodal Haptic PIN-Entry Method

Mun Kyu Lee, Jin Yoo, Hyeonjin Nam

Research output: Contribution to journal › Article › peer-review

3 Scopus citations

Abstract

User authentication is a process in which a user of a system proves his/her identity to acquire access permission. An effective user authentication method should be both secure and usable. In an attempt to achieve these two objectives, Bianchi et al. recently proposed novel unimodal PIN-entry methods that use either audio or vibration cues. This paper analyzes the security of their method, in particular, the vibration version of one of their proposals, Timelock. A probabilistic analysis and real attack experiment reveal that the security level guaranteed by Timelock is lower than that claimed in Bianchi et al.'s paper. As countermeasures to this problem, three PIN-entry methods are proposed and a usability study is performed. According to the result of this study, a simple modification may improve the security significantly while retaining the design philosophy of unimodal systems. In addition, the proposed methods address the PIN compatibility issue of Timelock and they can be used to enter a legacy numerical PIN without any change in the PIN.

Original language	English
Article number	6047312
Journal	Mobile Information Systems
Volume	2017
DOIs	https://doi.org/10.1155/2017/6047312
State	Published - 2017

Bibliographical note

Publisher Copyright:
© 2017 Mun-Kyu Lee et al.

Access to Document

10.1155/2017/6047312

Cite this

@article{6f6c5c255bc240bca396759e33ec8001,

title = "Analysis and Improvement on a Unimodal Haptic PIN-Entry Method",

abstract = "User authentication is a process in which a user of a system proves his/her identity to acquire access permission. An effective user authentication method should be both secure and usable. In an attempt to achieve these two objectives, Bianchi et al. recently proposed novel unimodal PIN-entry methods that use either audio or vibration cues. This paper analyzes the security of their method, in particular, the vibration version of one of their proposals, Timelock. A probabilistic analysis and real attack experiment reveal that the security level guaranteed by Timelock is lower than that claimed in Bianchi et al.'s paper. As countermeasures to this problem, three PIN-entry methods are proposed and a usability study is performed. According to the result of this study, a simple modification may improve the security significantly while retaining the design philosophy of unimodal systems. In addition, the proposed methods address the PIN compatibility issue of Timelock and they can be used to enter a legacy numerical PIN without any change in the PIN.",

author = "Lee, {Mun Kyu} and Jin Yoo and Hyeonjin Nam",

note = "Publisher Copyright: {\textcopyright} 2017 Mun-Kyu Lee et al.",

year = "2017",

doi = "10.1155/2017/6047312",

language = "English",

volume = "2017",

journal = "Mobile Information Systems",

issn = "1574-017X",

publisher = "Hindawi Limited",

}

TY - JOUR

T1 - Analysis and Improvement on a Unimodal Haptic PIN-Entry Method

AU - Lee, Mun Kyu

AU - Yoo, Jin

AU - Nam, Hyeonjin

PY - 2017

Y1 - 2017

N2 - User authentication is a process in which a user of a system proves his/her identity to acquire access permission. An effective user authentication method should be both secure and usable. In an attempt to achieve these two objectives, Bianchi et al. recently proposed novel unimodal PIN-entry methods that use either audio or vibration cues. This paper analyzes the security of their method, in particular, the vibration version of one of their proposals, Timelock. A probabilistic analysis and real attack experiment reveal that the security level guaranteed by Timelock is lower than that claimed in Bianchi et al.'s paper. As countermeasures to this problem, three PIN-entry methods are proposed and a usability study is performed. According to the result of this study, a simple modification may improve the security significantly while retaining the design philosophy of unimodal systems. In addition, the proposed methods address the PIN compatibility issue of Timelock and they can be used to enter a legacy numerical PIN without any change in the PIN.

AB - User authentication is a process in which a user of a system proves his/her identity to acquire access permission. An effective user authentication method should be both secure and usable. In an attempt to achieve these two objectives, Bianchi et al. recently proposed novel unimodal PIN-entry methods that use either audio or vibration cues. This paper analyzes the security of their method, in particular, the vibration version of one of their proposals, Timelock. A probabilistic analysis and real attack experiment reveal that the security level guaranteed by Timelock is lower than that claimed in Bianchi et al.'s paper. As countermeasures to this problem, three PIN-entry methods are proposed and a usability study is performed. According to the result of this study, a simple modification may improve the security significantly while retaining the design philosophy of unimodal systems. In addition, the proposed methods address the PIN compatibility issue of Timelock and they can be used to enter a legacy numerical PIN without any change in the PIN.

UR - http://www.scopus.com/inward/record.url?scp=85031927034&partnerID=8YFLogxK

U2 - 10.1155/2017/6047312

DO - 10.1155/2017/6047312

M3 - Article

AN - SCOPUS:85031927034

SN - 1574-017X

VL - 2017

JO - Mobile Information Systems

JF - Mobile Information Systems

M1 - 6047312

ER -

Analysis and Improvement on a Unimodal Haptic PIN-Entry Method

Abstract

Bibliographical note

Access to Document

Other files and links

Fingerprint

Cite this