A Graphical PIN Authentication Mechanism for Smart Cards and Low-Cost Devices
Source: University of Salerno
Passwords and PINs are still the most deployed authentication mechanism, although they suffer of relevant and well known weakness. The protection of passwords is a classical branch of research in computer security. Several important improvements to the old-fashioned alphanumeric passwords, according to the context of different applications, have been proposed in the last years. Indeed, literature on authentication and passwords is hug. Thus, two most important aspects in dealing with passwords include keeping of easy passwords but they should be strong enough in order to avoid guessing attacks. Secondly, the authentication mechanism should be resilient against classical threats, like shoulder surfing attacks, i.e., the capability of recording the interaction of the user and the terminal; moreover, it should be light enough to be used also on small computers. The majority of proposed schemes require costly hardware (e.g., medium or high resolution displays and graphic adapters, touch screen, data storage, high computational resources etc.). This makes some of the proposed schemes not suitable to be implemented on low cost equipments (e.g., current ATM terminals that are still the overwhelming majority). The generation of challenges and the verification of user's responses should be affordable also by computer with limited computational resources. Moreover, user responses should be composed as well by any sophisticated pointing device as by simple keypad.