Vulnerability of the Dynamic Array PIN Protocol

Abstract: We recently proposed the Dynamic Array PIN protocol (DAP), which is a novel approach for user authentication on Automated Teller Machines. DAP replaces bank cards with smartphones that support Near Field Communication (NFC) and allows a user to enter his PIN code in a secure way. We showed that DAP is resistant to 13 different attacks and is therefore better and more cost effective than several other solutions from the literature. However, after carrying a deeper analysis we found that DAP is vulnerable to a c… Show more

“…To complete this operation, the user presses the "Validate" button. However, in our previous paper [23], we discovered that the DAP protocol is vulnerable to the intersection of multiple records (video eavesdropping or camera recording) attack where the attacker can steal the user's PIN code [22]. This attack is usually applied to discover the PIN entered by the user when using a smart technique (PIN digits are not entered directly).…”

“…However, we later discovered that the DAP protocol is vulnerable to the intersection of multiple records (video eavesdropping or camera recording) attack, where the attacker can steal the user's PIN code [22]. This vulnerability is illustrated in our previous paper [23]. Consequently, our objective in this paper is to solve this vulnerability by proposing a new security solution that improves the DAP protocol.…”

A New Security Solution Enhancing the Dynamic Array PIN Protocol

“…To complete this operation, the user presses the "Validate" button. However, in our previous paper [23], we discovered that the DAP protocol is vulnerable to the intersection of multiple records (video eavesdropping or camera recording) attack where the attacker can steal the user's PIN code [22]. This attack is usually applied to discover the PIN entered by the user when using a smart technique (PIN digits are not entered directly).…”

“…However, we later discovered that the DAP protocol is vulnerable to the intersection of multiple records (video eavesdropping or camera recording) attack, where the attacker can steal the user's PIN code [22]. This vulnerability is illustrated in our previous paper [23]. Consequently, our objective in this paper is to solve this vulnerability by proposing a new security solution that improves the DAP protocol.…”

A New Security Solution Enhancing the Dynamic Array PIN Protocol