Journal Title : International Journal of Modern Trends in Engineering and Science


Author’s Name : V Tamilarasan | J Keerthika

Volume 04 Issue 06 2017

ISSN no:  2348-3121

Page no: 95-96

Abstract – The principal idea is to present the user the PIN digits as two distinct sets e.g., by randomly coloring three by forth of the keys green, red and blue respectively. The user must enter in which set the digit is by pressing either a separate green, red or blue key. Multiple rounds of this game are played to enter a single digit and it is repeatedly played until all digits are entered. The verifier e.g., the automatic teller machine, determines the entered PIN digits by intersecting the chosen sets. However, no individual round uniquely identifies the entered PIN digit. Any observer must quickly perceive and note, or memorize and process information from all rounds to derive the entered PIN. The hypothesis is that this task can be designed so that it exceeds the cognitive capabilities of a human observer who does not know the genuine PIN whereas a human who knows the PIN can perform the task easily. In order to verify our hypothesis, this conducted two user studies: one study investigates the security of our methods whereas the second investigates their usability. In the end, the usability of a mechanism determines to a large degree its practicality.


  1. H. J. Asghar, S. Li, J. Pieprzyk, and H. Wang, “Cryptoanalysis of the convex hull click human identification protocol,” in Proc. 13th Int. Conf. Inf. Secur., 2011, pp. 24–30.
  2. H. J. Asghar, S. Li, R. Steinfeld, and J. Pieprzyk, “Does counting stil count? Revisiting the security of counting based user authentication protocols against statistical attacks,” in Proc. 20th Symp. Internet Soc. Netw. Distrib. Syst. Secur. (NDSS), Apr. 2013, pp. 1–18.
  3. X. Bai, W. Gu, S. Chellappan, X. Wang, D. Xuan, and B. Ma, “PAS: Predicate-based authentication services against powerful passive adversaries,” in Proc. IEEE Annu. Comput. Secur. Appl. Conf., Dec. 2008,pp. 433–442.
  4. A. Bianchi, I. Oakley, and D. S. Kwon, “Counting clicks and beeps:Exploring numerosity based haptic and audio PIN entry,” Interact.Comput., vol. 24, no. 5, pp. 409–422, Sep. 2012.
  5. A. De Luca, K. Hertzschuch, and H. Hussmann, “ColorPIN—Securing PIN entry through indirect input,” in Proc. ACM CHI Conf. Human Factors Comput. Syst., 2010, pp. 1103–1106.
  6. A. De Luca, E. von Zezschwitz, and H. Hußmann, “VibraPass-secure authentication based on shared lies,” in Proc. ACM CHI Conf. Human Factors Comput. Syst., 2009, pp. 913–916.
  7. P. Dunphy, A. P. Heiner, and N. Asokan, “A closer look at recognition based graphical passwords on mobile devices,” in Proc. 6th Symp. Usable Privacy Secur., 2010, pp. 1–12.
  8. P. Golle and D. Wagner, “Cryptanalysis of a cognitive authentication scheme,” in Proc. IEEE Symp. Secur. Privacy, May 2007, pp. 66–70.
  9. N. J. Hopper and M. Blum, “Secure human identification protocols,” in Advances in Cryptology—ASIACRYPT. Berlin, Germany: Springer Verlag, 2001, pp. 52–66.
  10. D. Kim et al., “Multi-touch authentication on tabletops,” in Proc. ACM SIGCHI Conf. Human Factors Comput. Syst. (CHI), 2010,pp. 1093–1102.
  11. T. Kwon, S. Shin, and S. Na, “Covert attentional shoulder surfing: Human adversaries are more powerful than expected,” IEEE Trans. Syst., Man, Cybern., Syst., vol. 44, no. 6, pp. 716–727, Jan. 2014.
  12. S. Li, H. J. Asghar, J. Pieprzyk, A. Sadeghi, R. Schmitz, and H. Wang, “On the security of PAS (predicate-based authentication service),” in Proc. Annu. Comput. Secur. Appl. Conf., Dec. 2009, pp. 209–218.
  13. J. Long, No Tech Hacking: A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing. Boston, MA, USA: Syngress, 2008.
  14. T. Matsumoto and H. Imai, “Human identification through insecure channel,” in Advances in Cryptology—EUROCRYPT. Berlin, Germany: Springer-Verlag, 1991, pp. 409–421.
  15. Y. Michalevsky, D. Boneh, and G. Nakibly, “Gyrophone: Recognizing speech from gyroscope signals,” in Proc. USENIX Secur. Symp., Aug. 2014, pp. 1053–1067.