A systematic review of PIN-entry methods resistant to shoulder-surfing attacks

Binbeshr, Farid and Kiah, Miss Laiha. Mat and Por, Lip Yee and Zaidan, A. A. (2021) A systematic review of PIN-entry methods resistant to shoulder-surfing attacks. Computers & Security, 101. ISSN 0167-4048, DOI https://doi.org/10.1016/j.cose.2020.102116.

Full text not available from this repository.

Abstract

Although conventional PIN-entry methods are widely used in many daily authentication procedures, they are highly susceptible to shoulder-surfing attacks. A plethora of PIN-entry methods have been proposed in the literature to mitigate such attacks. Unfortunately, none of these methods is capable of replacing the conventional PIN-entry method. This study presents the results of a systematic review of PIN-entry methods resistant to shoulder-surfing attacks so that the main challenges that impede their adoption can be provided along with opportunities for future research. A systematic search was conducted on seven databases using predefined criteria. A test-retest approach was performed by a single author to extract data. A total of 55 articles were included in this review. The review results manifest that PIN-entry methods are classified mainly into direct and indirect inputs. The user study was the standard research method, and error rate and PIN-entry time were the most frequently adopted usability measures. The review argues that a recording-based shoulder-surfing attack is a major threat to PIN-entry methods. Error rate and PIN-entry time are widely adopted criteria for usability. The review indicates that most PIN-entry methods require a higher error rate and PIN-entry time than the conventional method. Moreover, the lack of a standard evaluation framework should be addressed. © 2020 Elsevier Ltd. All rights reserved.

Item Type: Article
Funders: Fundamental Research Grant Scheme from the Ministry of Higher Education, Malaysia [FP114-2018A]
Uncontrolled Keywords: PIN; Password; Shoulder surfing; Recording attack; Observation attack; Authentication
Subjects: T Technology > TK Electrical engineering. Electronics Nuclear engineering
Divisions: Faculty of Computer Science & Information Technology
Depositing User: Ms. Juhaida Abd Rahim
Date Deposited: 14 Apr 2022 06:26
Last Modified: 14 Apr 2022 06:26
URI: http://eprints.um.edu.my/id/eprint/26787
