'Undercover' looks to replace PINs

Carnegie researchers develop alternative authentication system that no onlooker can observe

Security researchers have tested the first prototypes of a secure authentication system that could one day replace PIN entry at cash points.

Called Undercover, the system was developed by Carnegie Mellon University researcher Nicolas Christin and two graduate students, one associated with Sharp and the other with Mitsubishi. The researchers detailed the scheme in a recently published study.

The challenge was to get around the factors that make PIN entry so vulnerable - for instance, the fact that anyone with sharp eyes or a set of concealed cameras can easily observe what keys a user is tapping.

To deal with such "observation attacks," Undercover conceals not the user's response, but the challenge to which they are responding, or at least part of it.

The prototype entry system Christin decided upon uses a motor-controlled trackball and a keypad with five color-coded keys. The user places his left hand on the trackball, concealing it.

The system's challenge is to display on a screen a set of five images, one of which may be an image from a portfolio that the user has previously provided - for instance, a photo of a pet or a holiday snap. The user is asked to identify their own image, or to press a key signalling that none of the images are theirs.

The motor rotates the concealed trackball in a particular direction, which indicates the values assigned to the color-coded keys - something that, in theory, no onlooker would be able to observe. The user then enters their response on the keypad.

The advantage of this system is that it makes an observation attack drastically more difficult, the researchers said. "We have reduced the problem from hiding the complete challenge to hiding one (or a few) bit(s) of information," they wrote.

The researchers carried out tests on 38 users, using both a standard PIN system and Undercover, where cameras recorded the users' movements. This allowed the researchers to discover all 38 PINs, even those of the more security-conscious users who covered one hand with the other.

By contrast, the observation attack was able to crack the Undercover system in only a few cases, for instance when users involuntarily revealed the motion of the trackball.
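The hidden-challenge idea and the leak described above can be modelled in a few lines. This is an added illustration, not code from the researchers. It assumes five answer options (one per key), five possible trackball signals, and a cyclic-shift mapping from signal to key layout; the key colours and function names are hypothetical.

```python
import secrets

# Assumed for illustration: five colour-coded keys, one per answer option.
KEYS = ["red", "yellow", "green", "blue", "white"]
N = len(KEYS)


def key_for(answer: int, signal: int) -> str:
    """Key the user presses for `answer` when the trackball gives `signal`.

    Assumption: each hidden signal shifts the key layout cyclically.
    """
    return KEYS[(answer + signal) % N]


def answer_for(key: str, signal: int) -> int:
    """Terminal side: undo the hidden layout to recover the user's answer."""
    return (KEYS.index(key) - signal) % N


def observer_candidates(key: str, leaked_signal=None) -> set:
    """Answers consistent with what an onlooker recorded.

    The onlooker always sees the pressed key. The trackball signal is
    known only if the user leaked it (leaked_signal is not None).
    """
    signals = range(N) if leaked_signal is None else [leaked_signal]
    return {answer_for(key, s) for s in signals}


def login_round(true_answer: int):
    """One challenge: terminal picks a random hidden signal, user responds."""
    signal = secrets.randbelow(N)
    return signal, key_for(true_answer, signal)


if __name__ == "__main__":
    true_answer = 2  # constructed sample: the user's image is option 2
    signal, pressed = login_round(true_answer)
    print("terminal recovers:", answer_for(pressed, signal))
    print("camera only:      ", sorted(observer_candidates(pressed)))
    print("signal leaked:    ", sorted(observer_candidates(pressed, signal)))
```

With only the keypress on camera, every answer stays equally plausible; once the trackball motion is visible, the candidate set collapses to the single true answer.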

Undercover's style of authentication is, however, undoubtedly more cumbersome to use: authentication took 25 seconds at a minimum, compared to a median time of 3.2 seconds for PIN entry.

Overall, the researchers found that the system proved usable, with some aspects looking particularly promising for future authentication systems.

"Our results show that users can authenticate within times comparable to that of graphical password schemes, with relatively low error rates, while being considerably better protected against observation attacks," they wrote. "The degree of complexity that two independent sensory signals can present while being successfully reassembled by a majority of people comes a bit as a surprise."

The researchers will present their work at a Computer Human Interaction (CHI) conference in Florence, Italy in April.


Matthew Broersma

Techworld.com