Proof of Concept of Touchless Interface on Random Keypad for ATM Shoulder Surfing Mitigation
Article Description
Financial inclusion in Peru is on the rise, with 56% of adults already having financial products. This has increased the use of ATMs and the risks associated with them, such as shoulder surfing. To mitigate the risk of this attack, a proof of concept of a touchless interface that allows users to ent...
Authors: | Ríos Villegas, Bruno Fabrizio; Torres Paredes, Carlos Martin |
---|---|
Format: | article |
Publication date: | 2023 |
Institution: | Universidad de Lima |
Repository: | Revistas - Universidad de Lima |
Language: | Spanish |
OAI Identifier: | oai:revistas.ulima.edu.pe:article/6557 |
Resource link: | https://revistas.ulima.edu.pe/index.php/Interfases/article/view/6557 |
Access level: | open access |
Subject: | touchless interfaces; automated teller machines; shoulder surfing; random keypad |
id |
REVULIMA_c76702c345cff8bf04e88105f6806d78 |
---|---|
oai_identifier_str |
oai:revistas.ulima.edu.pe:article/6557 |
network_acronym_str |
REVULIMA |
network_name_str |
Revistas - Universidad de Lima |
repository_id_str |
|
dc.title.none.fl_str_mv |
Proof of Concept of Touchless Interface on Random Keypad for ATM Shoulder Surfing Mitigation Prueba de concepto de interfaz touchless en teclado numérico aleatorio para mitigación de shoulder surfing en cajeros automáticos |
title |
Proof of Concept of Touchless Interface on Random Keypad for ATM Shoulder Surfing Mitigation |
dc.creator.none.fl_str_mv |
Ríos Villegas, Bruno Fabrizio Torres Paredes, Carlos Martin |
author |
Ríos Villegas, Bruno Fabrizio |
author_facet |
Ríos Villegas, Bruno Fabrizio Torres Paredes, Carlos Martin |
author_role |
author |
author2 |
Torres Paredes, Carlos Martin |
author2_role |
author |
dc.subject.none.fl_str_mv |
touchless interfaces automated teller machines shoulder surfing random keypad interfaces touchless cajeros automáticos shoulder surfing teclado numérico aleatorio |
topic |
touchless interfaces automated teller machines shoulder surfing random keypad interfaces touchless cajeros automáticos shoulder surfing teclado numérico aleatorio |
description |
Financial inclusion in Peru is on the rise, with 56% of adults already having financial products. This has increased the use of ATMs and the risks associated with them, such as shoulder surfing. To mitigate the risk of this attack, a proof of concept of a touchless interface that allows users to enter their PIN securely was developed, proposing an example for use by banking institutions or ATM manufacturers. For this purpose, randomly disordered sequences of numbers from 0 to 9 were generated without repeating them. Then, infrared sensors were implemented to enter the PIN numbers. Mitigation and usability tests were performed with a group of 16 people. The first test showed encouraging results, as the attackers found it difficult to identify the digits entered by the users and only managed to register 25% correctly. Likewise, in the usability tests, a usability average of 78.4375 was obtained, placing the interface in a B+ range, above the threshold of 68 points. Considering this, it is concluded that the proposal meets the objective of allowing the user to enter his PIN securely against shoulder surfing attacks. |
publishDate |
2023 |
dc.date.none.fl_str_mv |
2023-12-29 |
dc.type.none.fl_str_mv |
info:eu-repo/semantics/article info:eu-repo/semantics/publishedVersion |
format |
article |
status_str |
publishedVersion |
dc.identifier.none.fl_str_mv |
https://revistas.ulima.edu.pe/index.php/Interfases/article/view/6557 10.26439/interfases2023.n018.6557 |
url |
https://revistas.ulima.edu.pe/index.php/Interfases/article/view/6557 |
identifier_str_mv |
10.26439/interfases2023.n018.6557 |
dc.language.none.fl_str_mv |
spa |
language |
spa |
dc.relation.none.fl_str_mv |
https://revistas.ulima.edu.pe/index.php/Interfases/article/view/6557/6679 https://revistas.ulima.edu.pe/index.php/Interfases/article/view/6557/6883 |
dc.rights.none.fl_str_mv |
https://creativecommons.org/licenses/by/4.0 info:eu-repo/semantics/openAccess |
rights_invalid_str_mv |
https://creativecommons.org/licenses/by/4.0 |
eu_rights_str_mv |
openAccess |
dc.format.none.fl_str_mv |
application/pdf text/html |
dc.publisher.none.fl_str_mv |
Universidad de Lima |
publisher.none.fl_str_mv |
Universidad de Lima |
dc.source.none.fl_str_mv |
Interfases; No. 018 (2023); 207-233 Interfases; Núm. 018 (2023); 207-233 Interfases; n. 018 (2023); 207-233 1993-4912 10.26439/interfases2023.n018 reponame:Revistas - Universidad de Lima instname:Universidad de Lima instacron:ULIMA |
instname_str |
Universidad de Lima |
instacron_str |
ULIMA |
institution |
ULIMA |
reponame_str |
Revistas - Universidad de Lima |
collection |
Revistas - Universidad de Lima |
Important note:
The information contained in this record is the sole responsibility of the institution that manages the institutional repository where this document or dataset is held. CONCYTEC is not responsible for the content (publications and/or data) accessible through the Repositorio Nacional Digital de Ciencia, Tecnología e Innovación de Acceso Abierto (ALICIA).