DragPIN: A Secured PIN Entry Scheme to Avert Attacks

Personal Identification Numbers (PIN) are widely used for authenticating users for financial transactions. PIN numbers are entered at Automatic Teller Machine (ATMs), card payments at Point of Sale (POS) counters and for e-banking services. When PIN numbers are keyed in by the users, they are vulnerable to shoulder surfing and keylogging attacks. By entering PIN numbers through virtual keyboards, the keylogging attacks can be mitigated, but it elevates the risk of shoulder surfing. A number of shoulder surfing resistive keyboard schemes have been proposed. But many of them offer inadequate security and are poor in usability. They also demand substantial user intelligence, training, user memory and additional devices for entering the PIN numbers. Keeping in mind that securing PIN number should not be done at the cost of user inconvenience, a new scheme based on key sliding is proposed in this paper. Two variations of the scheme are presented. They are based on manual and automatic sliding of keys and indirect user entry of PIN numbers. Our proposed schemes are simple and easy to adopt. They are sufficiently stronger against attacks. Our extensive analysis and user study of the schemes have proved their security and usability.