A systematic review of PIN-entry methods resistant to shoulder-surfing attacks. Issue 101 (February 2021)
- Record Type:
- Journal Article
- Title:
- A systematic review of PIN-entry methods resistant to shoulder-surfing attacks. Issue 101 (February 2021)
- Main Title:
- A systematic review of PIN-entry methods resistant to shoulder-surfing attacks
- Authors:
- Binbeshr, Farid
Mat Kiah, M.L.
Por, Lip Yee
Zaidan, A.A.
- Abstract:
- Highlights: First systematic review on PIN-entry methods resistant to shoulder-surfing attack. A taxonomy of PIN-entry methods resistant to shoulder-surfing attack is presented. Evaluation metrics, limitations, and recommendations of PIN methods are discussed. PIN-entry methods are prone to recording-based shoulder-surfing attack. Error rate and PIN-entry time are widely adopted as criteria for usability.
Abstract: Although conventional PIN-entry methods are widely used in many daily authentication procedures, they are highly susceptible to shoulder-surfing attacks. A plethora of PIN-entry methods have been proposed in the literature to mitigate such attacks. Unfortunately, none of these methods is capable of replacing the conventional PIN-entry method. This study presents the results of a systematic review of PIN-entry methods resistant to shoulder-surfing attacks so that the main challenges that impede their adoption can be provided along with opportunities for future research. A systematic search was conducted on seven databases using predefined criteria. A test–retest approach was performed by a single author to extract data. A total of 55 articles were included in this review. The review results manifest that PIN-entry methods are classified mainly into direct and indirect inputs. The user study was the standard research method, and error rate and PIN-entry time were the most frequently adopted usability measures. The review argues that a recording-based shoulder-surfing attack is a major threat to PIN-entry methods. Error rate and PIN-entry time are widely adopted criteria for usability. The review indicates that most PIN-entry methods require a higher error rate and PIN-entry time than the conventional method. Moreover, the lack of a standard evaluation framework should be addressed. …
- Is Part Of:
- Computers & security. Issue 101(2021)
- Journal:
- Computers & security
- Issue:
- Issue 101(2021)
- Issue Display:
- Volume 101, Issue 101 (2021)
- Year:
- 2021
- Volume:
- 101
- Issue:
- 101
- Issue Sort Value:
- 2021-0101-0101-0000
- Page Start:
- Page End:
- Publication Date:
- 2021-02
- Subjects:
- PIN -- Password -- Shoulder surfing -- Recording attack -- Observation attack -- Authentication
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.cose.2020.102116
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 15398.xml