Analysis and improvement of a PIN-Entry method resilient to shoulder-surfing and recording attacks

Taekyoung Kwon, Jin Hong

Research output: Contribution to journal › Article › peer-review

37 Citations (Scopus)

Abstract

Devising a user authentication scheme based on personal identification numbers (PINs) that is both secure and practically usable is a challenging problem. The greatest difficulty lies with the susceptibility of the PIN entry process to direct observational attacks, such as human shoulder-surfing and camera-based recording. This paper starts with an examination of a previous attempt at solving the PIN entry problem, which was based on an elegant adaptive black-and-white coloring of the 10-digit keypad in the standard layout. Even though the method required uncomfortably many user inputs, it had the merit of being easy to understand and use. Our analysis that takes both the experimental and theoretical approaches reveals multiple serious shortcomings of the previous method, including round redundancy, unbalanced key presses, highly frequent system errors, and insufficient resilience to recording attacks. The lessons learned through our analysis are then used to improve the black-and-white PIN entry scheme. The new scheme has the remarkable property of resisting camera-based recording attacks over an unlimited number of authentication sessions without leaking any of the PIN digits.

Original language: English
Article number: A6
Pages (from-to): 278-292
Number of pages: 15
Journal: IEEE Transactions on Information Forensics and Security
Volume: 10
Issue number: 2
Publication status: Published - 2015 Feb 1

Bibliographical note

Publisher Copyright:
© 2005-2012 IEEE.

All Science Journal Classification (ASJC) codes

  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications
