Finger-drawn pin authentication on touch devices

Toan Van Nguyen, Napa Sae-Bae, Nasir Memon

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

PIN authentication is widely used thanks to its simplicity and usability, but it is known to be susceptible to shoulder surfing. In this paper, we propose a novel online finger-drawn PIN authentication technique that lets a user draw a PIN on a touch interface with her finger. The system provides some resilience to shoulder surfing without increasing authentication delay and complexity by using both the PIN as well as a behavioral biometric in user verification. Our approach adopts the Dynamic Time Warping (DTW) algorithm to compute dissimilarity scores between PIN samples. We evaluate our system in two shoulder surfing scenarios: 1) PIN attack where the attacker only knows the victim's PIN but has no information about it's drawing characteristic and 2) Imitation attack where an attacker has access to a dynamic drawing sequence of a victim's finger-drawn PIN in the form of multiple observations. Experimental results with a data set of 40 users and 2400 imitating samples from two attacks yield an Equal Error Rate (EER) of 6.7% and 9.9% respectively, indicating the need for further study on this promising authentication mechanism.

Original languageEnglish (US)
Title of host publication2014 IEEE International Conference on Image Processing, ICIP 2014
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages5002-5006
Number of pages5
ISBN (Electronic)9781479957514
DOIs
StatePublished - Jan 28 2014

Publication series

Name2014 IEEE International Conference on Image Processing, ICIP 2014

Keywords

  • Finger-drawn PIN
  • behavioral biometric
  • mobile authentication
  • online signature
  • shoulder surfing

ASJC Scopus subject areas

  • Computer Vision and Pattern Recognition

Fingerprint

Dive into the research topics of 'Finger-drawn pin authentication on touch devices'. Together they form a unique fingerprint.

Cite this