C-24

Home / Research  / Publications / C-24

DynamicPIN: A Novel Approach towards Secure ATM Authentication

Jong-Hoon Kim ATR Lab, Dept. of Computer Science Kent State Univ., Kent, Ohio, USA jkim72@kent.edu
Gokarna Sharma Dept. of Computer Science Kent State Univ., Kent, Ohio, USA gsharma2@kent.edu
Irvin Steve Cardenas ATR Lab, Dept. of Computer Science Kent State Univ., Kent, Ohio, USA irvin@irvincardenas.com
Do Yeon Kim Dept. of Biomedical Engineering Hanyang Univ., Seoul, South Korea dkim9681@hanyang.ac.kr
Nagarajan Prabakar Discovery Lab, SCIS Florida International Univ. Miami, FL, USA prabakar@cis.fiu.edu
S.S. Iyengar Discovery Lab, SCIS Florida International Univ. Miami, FL, USA iyengar@cis.fiu.edu

 

Abstract—Along with the popularity and widespread use of automated teller machines (ATMs), ATM frauds are also increasingdrasticallythesedays.Shoulder-surfingattacks,such as card skimming, PIN capturing using fake machines or fake PINpads,arethemostcommonmethodsusedbyadversariesto capture data from the magnetic stripe on the back of the ATM card. The main problem lies in the existing static PIN-based authentication mechanism which does not provide any security measure (besides displaying asterisks when an user enters a preassigned PIN to the ATM). In this paper, we give a novel approach called DynamicPIN for secure ATM authentication, which is resilient to shoulder-surfing attacks. DynamicPIN is very simple, does not require any hardware changes, and does not pose any significant overhead to the system. A realtime experimental study showed that DynamicPIN improves significantly the ATM authentication compared to the existing static PIN-based authentication mechanism.