TY - GEN
T1 - LightDefender
T2 - 18th Annual IEEE International Conference on Pervasive Computing and Communications, PerCom 2020
AU - Shang, Jiacheng
AU - Wu, Jie
N1 - Publisher Copyright: © 2020 IEEE.
PY - 2020/3
Y1 - 2020/3
N2 - Nowadays, the personal identification number (PIN) is one of the most popular methods for identity verification. However, recent research shows that attackers can easily recover victims' PINs in spite of the large number of combinations a PIN provides. Existing protection approaches require alteration of the original interaction between the user and PIN-based authentication systems, or still fail if the attacker can observe and mimic the victim's input behavior. Considering these limitations, we propose a defense system called LightDefender to protect current PIN-based systems from PIN replay attacks using a single ambient light sensor. Specifically, we protect the PIN input by leveraging the biometrics in the received light intensity that is influenced by input behaviors and biological features. To the best of our knowledge, our work is the first one to protect PIN input using the light intensity. Different from existing approaches, LightDefender does not change the original interaction methods between the user and PIN-based authentication systems, and the extra hardware cost is low. In addition, by leveraging biological differences (e.g. finger length) among different users, LightDefender still claims high-security protection against strong attackers who can mimic the victim's input behaviors. Experiments with 10 volunteers show that LightDefender can achieve an average true acceptance rate of 95% for normal users. More importantly, LightDefender can correctly reject two types of attackers with an average true rejection rate of at least 93.6% without data of new attackers.
KW - PIN input protection
KW - Personal identification number
KW - ambient light
UR - http://www.scopus.com/inward/record.url?scp=85088703817&partnerID=8YFLogxK
U2 - 10.1109/PerCom45495.2020.9127361
DO - 10.1109/PerCom45495.2020.9127361
M3 - Conference contribution
AN - SCOPUS:85088703817
T3 - 18th Annual IEEE International Conference on Pervasive Computing and Communications, PerCom 2020
BT - 18th Annual IEEE International Conference on Pervasive Computing and Communications, PerCom 2020
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 23 March 2020 through 27 March 2020
ER -