The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
This paper presents a series of secure PIN/password input methods that are resilient to shoulder hacking. When a person enters a PIN or password on a smartphone, tablet, banking terminal, etc., there is a risk that the PIN or password will be stolen by shoulder hacking. To reduce this risk, we propose a method that erases the key-top labels, moves them smoothly and simultaneously, and lets the user touch the target key after they stop. The user only needs to trace a single key, but a peeper has to trace the movements of all the keys at the same time. We extend the method by assigning different colors, shapes, and/or sizes to the keys to enhance distinguishability, which allows all the keys to be moved instantaneously after the key-top labels are erased and the user to touch the target key. We also introduce a "move backward/forward" function that allows the user to play back the movements. This series of methods does not have the highest security, but it is easy to use and does not require any changes on the server side. The results of a performance evaluation show that the method has high resistance to shoulder hacking while providing satisfactory usability without large input errors.
Kokoro KOBAYASHI
Tokyo University of Agriculture and Technology
Tsuyoshi OGUNI
NTT DATA
Masaki NAKAGAWA
Tokyo University of Agriculture and Technology
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Kokoro KOBAYASHI, Tsuyoshi OGUNI, Masaki NAKAGAWA, "A Series of PIN/Password Input Methods Resilient to Shoulder Hacking Based on Cognitive Difficulty of Tracing Multiple Key Movements" in IEICE TRANSACTIONS on Information,
vol. E103-D, no. 7, pp. 1623-1632, July 2020, doi: 10.1587/transinf.2019EDP7181.
Abstract: This paper presents a series of secure PIN/password input methods resilient to shoulder hacking. When a person inputs a PIN or password to a smartphone, tablet, banking terminal, etc., there is a risk of shoulder hacking of the PIN or the password being stolen. To decrease the risk, we propose a method that erases key-top labels, moves them smoothly and simultaneously, and lets the user touch the target key after they stopped. The user only needs to trace a single key, but peepers have to trace the movements of all the keys at the same time. We extend the method by assigning different colors, shapes, and/or sizes to keys for enhancing distinguishability, which allows all the keys to be moved instantaneously after key-top labels are erased and the user to touch the target key. We also introduce a “move backward/forward” function that allows the user to play back the movements. This series of methods does not have the highest security, but it is easy to use and does not require any changes to the server side. Results of a performance evaluation demonstrate that this method has high resistance to shoulder hacking while providing satisfactory usability without large input errors.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2019EDP7181/_p
@ARTICLE{e103-d_7_1623,
author={Kokoro KOBAYASHI and Tsuyoshi OGUNI and Masaki NAKAGAWA},
journal={IEICE TRANSACTIONS on Information},
title={A Series of PIN/Password Input Methods Resilient to Shoulder Hacking Based on Cognitive Difficulty of Tracing Multiple Key Movements},
year={2020},
volume={E103-D},
number={7},
pages={1623-1632},
abstract={This paper presents a series of secure PIN/password input methods resilient to shoulder hacking. When a person inputs a PIN or password to a smartphone, tablet, banking terminal, etc., there is a risk of shoulder hacking of the PIN or the password being stolen. To decrease the risk, we propose a method that erases key-top labels, moves them smoothly and simultaneously, and lets the user touch the target key after they stopped. The user only needs to trace a single key, but peepers have to trace the movements of all the keys at the same time. We extend the method by assigning different colors, shapes, and/or sizes to keys for enhancing distinguishability, which allows all the keys to be moved instantaneously after key-top labels are erased and the user to touch the target key. We also introduce a “move backward/forward” function that allows the user to play back the movements. This series of methods does not have the highest security, but it is easy to use and does not require any changes to the server side. Results of a performance evaluation demonstrate that this method has high resistance to shoulder hacking while providing satisfactory usability without large input errors.},
keywords={},
doi={10.1587/transinf.2019EDP7181},
ISSN={1745-1361},
month={July},}
TY - JOUR
TI - A Series of PIN/Password Input Methods Resilient to Shoulder Hacking Based on Cognitive Difficulty of Tracing Multiple Key Movements
T2 - IEICE TRANSACTIONS on Information
SP - 1623
EP - 1632
AU - Kokoro KOBAYASHI
AU - Tsuyoshi OGUNI
AU - Masaki NAKAGAWA
PY - 2020
DO - 10.1587/transinf.2019EDP7181
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E103-D
IS - 7
JA - IEICE TRANSACTIONS on Information
Y1 - July 2020
AB - This paper presents a series of secure PIN/password input methods resilient to shoulder hacking. When a person inputs a PIN or password to a smartphone, tablet, banking terminal, etc., there is a risk of shoulder hacking of the PIN or the password being stolen. To decrease the risk, we propose a method that erases key-top labels, moves them smoothly and simultaneously, and lets the user touch the target key after they stopped. The user only needs to trace a single key, but peepers have to trace the movements of all the keys at the same time. We extend the method by assigning different colors, shapes, and/or sizes to keys for enhancing distinguishability, which allows all the keys to be moved instantaneously after key-top labels are erased and the user to touch the target key. We also introduce a “move backward/forward” function that allows the user to play back the movements. This series of methods does not have the highest security, but it is easy to use and does not require any changes to the server side. Results of a performance evaluation demonstrate that this method has high resistance to shoulder hacking while providing satisfactory usability without large input errors.
ER -