Journal Articles

Permanent URI for this collectionhttps://dspace.univ-soukahras.dz/handle/123456789/25

Browse

Filters

2020 - 20243

Settings

Author: search.filters.author.Samir ChabbiEnd date: 2024

Search Results

Now showing 1 - 3 of 3
  • Thumbnail Image
    Item
    Vulnerability of the Dynamic Array PIN Protocol
    (Ingénierie des Systèmes d’Information, 2022-02-28) Samir Chabbi; Djalel Chefrour
    We recently proposed the Dynamic Array PIN protocol (DAP), which is a novel approach for user authentication on Automated Teller Machines. DAP replaces bank cards with smartphones that support Near Field Communication (NFC) and allows a user to enter his PIN code in a secure way. We showed that DAP is resistant to 13 different attacks and is therefore better and more cost effective than several other solutions from the literature. However, after carrying a deeper analysis we found that DAP is vulnerable to a complex attack that might lead to unauthorized transactions on ATMs if the user smartphone and his PIN code are both stolen. In this paper we expose how the user PIN code can be discretely discovered using multiple eavesdropping videos or camera records. We also propose several fixes for this vulnerability.
  • Thumbnail Image
    Item
    An Intersection Attack on the CirclePIN Smartwatch Authentication Mechanism
    (IEEE Internet of Things Journal, 2024-04-01) Djalel Chefrour; Yasser Sedira; Samir Chabbi
    We present a thorough security analysis of a recent smartwatch authentication mechanism called CirclePIN, which was considered resilient to several attacks, including shoulder surfing and video recording. This mechanism avoids the direct entry of the personal identification number (PIN) by using consecutive screens of random colors that fool the attacker. We disclose a vulnerability in CirclePIN inherent to the way in which the users match the random colors to their PINs’ digits and we illustrate how to exploit it with an intersection attack. This attack uses the information extracted from multiple video recordings of legitimate authentication sessions. We prove that it has a high probability of revealing the user PIN with only three video recordings and always succeeds with five. Our proof is twofold. We formulate the theoretical probability of success for the attack as a function of the number of available video recordings. Then, we validate this formula with a simulation of a large number of attacks to compute their experimental probability of success. In our estimation, manual information extraction takes around 1 min per exploitable video recording. So, a complete intersection attack is cost effective in terms of time, as it lasts 5 min or less.
  • Thumbnail Image
    Item
    Dynamic array PIN: A novel approach to secure NFC electronic payment between ATM and smartphone
    (Taylor & Francis, 2020-06-04) Samir Chabbi; Rachid Boudour; Fouzi Semchedine; Djalel Chefrour
    Near Field Communication (NFC) technology has been used recently for electronic payment between an Automated Teller Machine (ATM) and a Smartphone. It is threatened by several attacks that can steal the user personal data like the password or the Personal Identification Number (PIN). In this paper, we present Dynamic Array PIN (DAP), a novel approach for user authentication on a Smartphone that uses NFC electronic payment with an ATM. Our analysis and experimentation prove that this technique protects against thirteen different attacks and is cost-effective in terms of required hardware, authentication time, computing power and storage space.