Proof of Concept of Touchless Interface on Random Keypad for ATM Shoulder Surfing Mitigation
DOI: https://doi.org/10.26439/interfases2023.n018.6557
Keywords: touchless interfaces, automated teller machines, shoulder surfing, random keypad
Abstract
Financial inclusion in Peru is on the rise, with 56% of adults already having financial products. This has increased the use of ATMs and the risks associated with them, such as shoulder surfing. To mitigate the risk of this attack, a proof of concept of a touchless interface that allows users to enter their PIN securely was developed, proposing an example for use by banking institutions or ATM manufacturers. For this purpose, randomly disordered sequences of numbers from 0 to 9 were generated without repeating them. Then, infrared sensors were implemented to enter the PIN numbers. Mitigation and usability tests were performed with a group of 16 people. The first test showed encouraging results, as the attackers found it difficult to identify the digits entered by the users and only managed to register 25% correctly. Likewise, in the usability tests, a usability average of 78.4375 was obtained, placing the interface in a B+ range, above the threshold of 68 points. Considering this, it is concluded that the proposal meets the objective of allowing the user to enter their PIN securely against shoulder surfing attacks.
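The random-keypad idea in the abstract, sketched as an added example that is not code from the paper: a non-repeating ordering of the digits 0 to 9 is drawn with an unbiased Fisher-Yates shuffle, and the terminal maps each triggered sensor position back to a digit. The function names, the use of Python's `secrets` module, and the choice of a fresh layout for every digit entered are assumptions of this sketch.

```python
import secrets

DIGITS = list(range(10))  # sensor position i shows DIGITS[i] on a fixed keypad


def random_layout(rand_below=secrets.randbelow):
    """Return the digits 0-9 in random order, each exactly once.

    Fisher-Yates shuffle; rand_below(n) must be uniform on [0, n), which
    secrets.randbelow is, so every one of the 10! layouts is equally likely.
    """
    layout = DIGITS[:]
    for i in range(len(layout) - 1, 0, -1):
        j = rand_below(i + 1)  # uniform index in [0, i], no modulo bias
        layout[i], layout[j] = layout[j], layout[i]
    return layout


def enter_pin(pin, layouts):
    """User side: the sensor position triggered for each PIN digit."""
    return [layout.index(digit) for digit, layout in zip(pin, layouts)]


def decode_pin(positions, layouts):
    """Terminal side: map triggered sensor positions back to digits."""
    return [layout[pos] for pos, layout in zip(positions, layouts)]


def observer_guess(positions, assumed_layout=DIGITS):
    """What an onlooker records when only hand position is visible and a
    fixed keypad order is assumed (models the mitigation test)."""
    return [assumed_layout[pos] for pos in positions]


if __name__ == "__main__":
    pin = [4, 9, 0, 2]                         # constructed sample PIN
    layouts = [random_layout() for _ in pin]   # assumption: new layout per digit
    positions = enter_pin(pin, layouts)
    print("layouts:  ", layouts)
    print("positions:", positions)
    print("decoded:  ", decode_pin(positions, layouts))
    print("observer: ", observer_guess(positions))
```
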
License
Authors who publish with this journal agree to the following terms:
Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under an Attribution 4.0 International (CC BY 4.0) License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
Last updated 03/05/21
