Skimming Smartphone PINs Under Restrictive Conditions

dc.contributor.advisorKhan, Hassan
dc.contributor.authorAbulibdeh, Rawan
dc.date.accessioned2021-08-30T20:06:32Z
dc.date.available2021-08-30T20:06:32Z
dc.date.copyright2021-08
dc.date.created2021-08-11
dc.degree.departmentSchool of Computer Scienceen_US
dc.degree.grantorUniversity of Guelphen_US
dc.degree.nameMaster of Scienceen_US
dc.degree.programmeComputer Scienceen_US
dc.description.abstractPersonal Identification Number (PIN) authentication is not only used to authenticate mobile devices but also used in bank security (e.g., ATM cards), and security of physical assets (e.g., homes). Attacks on PINs have become more widespread. Mobile phones store nearly every aspect of personal data on them. Therefore, securing the PIN entry is an important consideration in this technological era. The use of a mobile device in any public area opens up the possibility of an attack. In our work, we introduce a new video-based attack on a mobile device to decipher the PINs used for authentication on smartphones. Our approach varies from the previous works as it does not require any visibility of the device's screen or the hand of the person entering the PIN. By using just the tilt of the corners of the screen when a person enters their PIN, we identify the areas where the victim's hand touched the screen and as a result, predict the PIN entered. This strategy enables us to reduce the search space compared to an exhaustive search method by obtaining an average of 2-4 candidate keys for each key-press in a PIN. Our method resulted in a 75% accuracy rate of predicting which cluster group out of four cluster groups each key in the PIN belongs. Therefore, we are able to highlight the threat users face when entering their PIN in a public setting and show that hiding the screen during authentication provides no safety to the user.en_US
dc.identifier.urihttps://hdl.handle.net/10214/26322
dc.language.isoenen_US
dc.publisherUniversity of Guelphen_US
dc.rights.licenseAll items in the Atrium are protected by copyright with all rights reserved unless otherwise indicated.
dc.subjectauthenticationen_US
dc.subjectside channel attacken_US
dc.subjectsmartphone securityen_US
dc.subjecttilt movementen_US
dc.subjectmachine learningen_US
dc.subjectsecurityen_US
dc.subjectcomputer visionen_US
dc.subjectPIN skimmingen_US
dc.titleSkimming Smartphone PINs Under Restrictive Conditionsen_US
dc.typeThesisen_US

Files

Original bundle
Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
Abulibdeh_Rawan_202108_MSc.pdf
Size:
9.48 MB
Format:
Adobe Portable Document Format
Description: