A systematic review of PIN-entry methods resistant to shoulder-surfing attacks

Highlights

• First systematic review on PIN-entry methods resistant to shoulder-surfing attack.

• A taxonomy of PIN-entry methods resistant to shoulder-surfing attack is presented.

• Evaluation metrics, limitations, and recommendations of PIN methods are discussed.

• PIN-entry methods are prone to recording-based shoulder-surfing attack.

• Error rate and PIN-entry time are widely adopted as criteria for usability.

Abstract

Although conventional PIN-entry methods are widely used in many daily authentication procedures, they are highly susceptible to shoulder-surfing attacks. A plethora of PIN-entry methods have been proposed in the literature to mitigate such attacks. Unfortunately, none of these methods is capable of replacing the conventional PIN-entry method. This study presents the results of a systematic review of PIN-entry methods resistant to shoulder-surfing attacks so that the main challenges that impede their adoption can be provided along with opportunities for future research. A systematic search was conducted on seven databases using predefined criteria. A test–retest approach was performed by a single author to extract data. A total of 55 articles were included in this review. The review results manifest that PIN-entry methods are classified mainly into direct and indirect inputs. The user study was the standard research method, and error rate and PIN-entry time were the most frequently adopted usability measures. The review argues that a recording-based shoulder-surfing attack is a major threat to PIN-entry methods. Error rate and PIN-entry time are widely adopted criteria for usability. The review indicates that most PIN-entry methods require a high error rate and PIN-entry time than the conventional method. Moreover, the lack of a standard evaluation framework should be addressed.

Introduction

The entry method of using a conventional personal identification number (PIN) is widely used in daily authentication of many services and systems, including automatic teller machines, mobile screen locks, and electronic doors. Widespread adoption of the PIN-entry method is due to the ease of remembering the PIN and entering the system (Greene et al., 2016). PIN is an example of textual passwords (text, digits, and/or symbols) that is composed only of digits and is typically 4-6 characters. Shen et al. (2016) conducted a study on 6 million textual passwords and found that most of them consist of only digits/numbers.

However, the conventional PIN-entry method is highly susceptible to shoulder-surfing attacks. The problem of shoulder surfing arises when an attacker observes the login PIN directly or by using a recording tool, and later reproduces the PIN (Ku, Cheng, Yeh, Chang, 2016, Nyang, Kim, Lee, Kang, Cho, Lee, Mohaisen, 2018). The reason for this problem is that users reveal their real PINs at each authentication session (Still and Bell, 2018). It could be argued that physiological biometric authentication methods, such as fingerprints, can solve this problem. Besides, users are favoring biometric authentication methods over the PIN entry method (Breitinger et al., 2020). Nonetheless, biometric methods are still error-prone, costly, and unchangeable once leaked (Yadav et al., 2015). Furthermore, the PIN-entry method is used by most devices for fallback authentication when biometric fails. Consequently, an attacker can resort to the fallback authentication method to detour biometric verification (Van Nguyen et al., 2017). Thus, a worthwhile task is to review and analyse the current PIN-entry methods resistant to shoulder-surfing attacks.

Shoulder-surfing attacks are classified into human-based and recording-based, according to the selected articles. Human-based shoulder surfing is the act of obtaining a user’s PIN through direct observation. In recording based shoulder-surfing, the attacker records the authentication session using a camera device to identify the PIN. This systematic review (SR) shows a considerable body of literature on PIN-entry methods resistant to shoulder-surfing attacks.

In general, shoulder-surfing resistant PIN-entry methods are classified into either direct or indirect input. Direct input methods aim to disguise the observer from known the PIN through gaze input, visual distraction and other methods. In gaze-based methods (e.g., Carneiro, Elmadjian, Gonzales, Coutinho, Morimoto, 2019, Ibrahim, Ambreen, 2019, Kumar, Akbari, Menges, MacKenzie, Staab, 2019), people use their eyes to enter the PIN to reduce the shoulder-surfing effect caused by direct input. Visual distraction methods provide only additional actions to disguise the observer through cursor camouflage (Still, Bell, 2018, Sugumar, Soundararajan, 2017, Watanabe, Higuchi, Inami, Igarashi, 2012), input distraction (Guerar, Migliardi, Palmieri, Verderame, Merlo, 2019, Shi, Zhu, Youssef, 2009), and keypad distraction (Adithya, Aishwarya, Megalai, Priyadharshini, Kurinjimalar, 2017, Kabir, Hasan, Tahmid, Ovi, Rozario, 2020, Nandhini, Jayanthy, 2019, Papadopoulos, Nguyen, Durmus, Memon, 2017). Other direct input methods used a pressure-based mechanism (Krombholz et al., 2016), multi-touch key input (Takada and Kokubun, 2014), and tapping PIN digits using fingers (Leftheriotis, 2013), to resist shoulder-surfing attacks.

Indirect input methods prevent users from revealing the actual PIN during the authentication process. They can also be classified into challenge-response methods and others. Most indirect input methods belong to the challenge-response category in which a user is given a challenge and s/he needs to compute and input the response. Current studies use various channels to send or receive the challenge such as audio (e.g., Dan, Ku, 2017, Hirakawa, Kurihara, Ohzeki, 2017, Rajarajan, Kalita, Gayatri, Priyadarsini, 2018), haptic (e.g., Ku, Xu, 2019, Souza, Cunha, B Oliveira, 2018, Xu, Ku, Dan, 2016), and visual (e.g., Chakraborty, Li, Mondal, Chen, Pan, 2019, Kasat, Bhadade, 2018, Vijai, Kottayam, Joseph). The other indirect input method (Alsuhibany and Almutairi, 2016) imposes additional decoy digits to resist shoulder surfing.

The review and analysis of these methods have identified several limitations. To date, no compatible PIN-entry method provides high resistance against recording-based shoulder-surfing attack. Moreover, the current work on PIN-entry methods resistant to shoulder-surfing lacks a standard evaluation framework. For usability, most of the current methods require high PIN entry time, and their error rate is high.

To the best of knowledge, no prior systematic review has focused on PIN-entry methods resistant to shoulder-surfing attacks. Aris and Yaakob (2018) conducted the most relevant review on non-biometric lock screen methods resistant to shoulder-surfing attacks. That is, the review was limited only to screen lock methods and excluded other authentication login methods. It also covered few real PIN-entry methods because it focused generally on knowledge-based and token-based authentication methods. The objective of this SR is to review the existent PIN-entry authentication methods resistant to shoulder-surfing attacks to identify the main challenges that impede their acceptance and adoption and provide a pledge to appropriately conduct further research activities. To meet this objective, we present the following research question and sub-questions:

• What are the existent PIN-entry methods resistant to shoulder-surfing attack in the literature?

  • - What evaluation metrics were used to evaluate the PIN-entry methods?

  • - What are the limitations and open solutions/recommendations of the current PIN-entry methods?

This SR is valuable to researchers and practitioners who are interested in exploring and developing a secure and usable PIN-entry method. To ensure transparent steps for reporting this SR, we have followed PRISM (Hutton et al., 2015), which has been adopted by many computer science studies, and none of the existing guides employs a standard methodology for reporting systematic reviews in computer science. The rest of this review is organised as follows. Section 2 describes the review methodology. The results are presented in Section 3. Section 4 discusses the answers to the research questions. Section 5 concludes this review.