“…DAP is a solution that we proposed in [21] allowing to authenticate a user by entering a PIN code using a smartphone during an NFC communication with an ATM. In this technique, the PIN code is the only secret shared between the bank server and the user, the smartphone used integrates the SE and the ATM is equipped with a small touch pad covered with a shell to hide the user's finger movements.…”
Section: Dap Protocolmentioning
confidence: 99%
“…The digits in the upper array are fixed on the screen during the authentication session, but the digits in the lower array can slide horizontally following the movement of the user's finger on the ATM touchpad, and can rotate in a circular manner so that cells that disappear on one side immediately appear on the opposite side in the same order. The user authentication in the DAP protocol requires the following steps [21]: PIN code in the upper array and reads the corresponding digit in the lower array. The user then finds the position of the digit read in the upper array and takes it as a reference to be used as explained in the other steps of the session.…”
Section: Dap Protocolmentioning
confidence: 99%
“…In our previous paper [21], we proposed a new PIN entry protocol on a smartphone to authenticate a user during an NFC communication with an ATM. We proved that this protocol, called Dynamic Array PIN (DAP), is more cost effective and secure than several protocols proposed in existing literature.…”
In order to authenticate a user on an Automated Teller Machine (ATM) using Near Field Communication (NFC) technology embedded on smartphones, we recently proposed a new approach called Dynamic Array PIN Protocol (DAP) that allows a user to enter his PIN code in a secure manner. We proved that the DAP protocol is resistant to 13 different attacks. Furthermore, by comparing it to several existing solutions, we demonstrated that DAP is much better and more cost effective. However, after a thorough analysis, we discovered that the DAP protocol is vulnerable to multiple eavesdropping video or camera records attack. Consequently, in this paper, we aim to address this vulnerability by proposing a new security solution that improves the DAP protocol.
“…DAP is a solution that we proposed in [21] allowing to authenticate a user by entering a PIN code using a smartphone during an NFC communication with an ATM. In this technique, the PIN code is the only secret shared between the bank server and the user, the smartphone used integrates the SE and the ATM is equipped with a small touch pad covered with a shell to hide the user's finger movements.…”
Section: Dap Protocolmentioning
confidence: 99%
“…The digits in the upper array are fixed on the screen during the authentication session, but the digits in the lower array can slide horizontally following the movement of the user's finger on the ATM touchpad, and can rotate in a circular manner so that cells that disappear on one side immediately appear on the opposite side in the same order. The user authentication in the DAP protocol requires the following steps [21]: PIN code in the upper array and reads the corresponding digit in the lower array. The user then finds the position of the digit read in the upper array and takes it as a reference to be used as explained in the other steps of the session.…”
Section: Dap Protocolmentioning
confidence: 99%
“…In our previous paper [21], we proposed a new PIN entry protocol on a smartphone to authenticate a user during an NFC communication with an ATM. We proved that this protocol, called Dynamic Array PIN (DAP), is more cost effective and secure than several protocols proposed in existing literature.…”
In order to authenticate a user on an Automated Teller Machine (ATM) using Near Field Communication (NFC) technology embedded on smartphones, we recently proposed a new approach called Dynamic Array PIN Protocol (DAP) that allows a user to enter his PIN code in a secure manner. We proved that the DAP protocol is resistant to 13 different attacks. Furthermore, by comparing it to several existing solutions, we demonstrated that DAP is much better and more cost effective. However, after a thorough analysis, we discovered that the DAP protocol is vulnerable to multiple eavesdropping video or camera records attack. Consequently, in this paper, we aim to address this vulnerability by proposing a new security solution that improves the DAP protocol.
“…In fact, a Personal Identification Number (PIN) is normally produced and saved to be used as numerical passwords for user authentication and numerous unlocking functions. Because current touch screens make it easier to integrate a PIN entry interface on a range of commodity equipment and devices, such as Automated Teller Machines (ATMs) and point-of-sale terminals, their use is growing [4,5]. The most common way to enter a PIN is to use the traditional keypad in ATM.…”
The security of a PIN is largely supported by the authentication process in ATM. Most authentication methods like traditional are based on using PIN as direct entry and this technique has been shown lots of drawbacks such as vulnerability to password space, and shoulder-surfing. In this paper, a new approach is proposed called RoundPIN depends on the appearance of the numerical password through one of the buttons after selecting it by the user and it is done through a number of rounds, the numbers are arranged randomly on the keypad. Due to the variable aspect of the chosen button and the random appearance of the numbers in each connection session and also the selection process will take place through three buttons three auxiliary, the proposed approach can maintain high secure session to enter the PIN to resist shoulder surfing, which is difficult for attackers to observe a user's PIN. The performance evaluation of the proposed approach is achieved in two parts, the first one is based on security analysis. Then a pilot study of thirty users is conducted to evaluate the useability of the proposed approach. It is noticed that the proposed approach can maintain a high level of security as well as acceptable level of useability and user satisfaction compared the conventional keypad system.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
