Optical illusion protects PIN from shoulder-surfing attackers
- 7 years ago
NEW YORK — A technology developed by researchers at New York University could defeat shoulder-surfing attackers by displaying an optical illusion.
A shoulder surfing attack is when an attacker obtains another person's PIN by directly looking over the victim's shoulder, or by recording the process.
The IllusionPIN system, developed by the team at NYU, generates an onscreen keypad with number keys in a certain configuration for the intended user, but someone viewing the same screen from a distance will see a completely different configuration of number keys. For added security, the system generates different keypad configuration for the intended user for every login attempt.
"PIN authentication is popular for good reasons, namely that it is easy to use and to remember," Nasir Memon, NYU Tandon professor of computer science and engineering said in a press release. "Our goal was to increase the resilience of PIN authentication without straining the device or compromising user experience."
Previous studies show about 73 percent of mobile devices users surveyed reported that they had observed someone else's PIN, but not necessarily with malicious intent. Meanwhile, the majority of the victims sai they were not aware that they were being watched.
The research was published in the journal IEEE Transactions on Information Forensics & Security.
A shoulder surfing attack is when an attacker obtains another person's PIN by directly looking over the victim's shoulder, or by recording the process.
The IllusionPIN system, developed by the team at NYU, generates an onscreen keypad with number keys in a certain configuration for the intended user, but someone viewing the same screen from a distance will see a completely different configuration of number keys. For added security, the system generates different keypad configuration for the intended user for every login attempt.
"PIN authentication is popular for good reasons, namely that it is easy to use and to remember," Nasir Memon, NYU Tandon professor of computer science and engineering said in a press release. "Our goal was to increase the resilience of PIN authentication without straining the device or compromising user experience."
Previous studies show about 73 percent of mobile devices users surveyed reported that they had observed someone else's PIN, but not necessarily with malicious intent. Meanwhile, the majority of the victims sai they were not aware that they were being watched.
The research was published in the journal IEEE Transactions on Information Forensics & Security.