Vulnerability of the Dynamic Array PIN Protocol

Samir Chabbi; Djalel Chefrour

Vulnerability of the Dynamic Array PIN Protocol

Files

2022-489-9f245.pdf (1.29 MB)

Date

2022-02-28

Authors

Samir Chabbi

Djalel Chefrour

Publisher

Ingénierie des Systèmes d’Information

Abstract

We recently proposed the Dynamic Array PIN protocol (DAP), which is a novel approach for user authentication on Automated Teller Machines. DAP replaces bank cards with smartphones that support Near Field Communication (NFC) and allows a user to enter his PIN code in a secure way. We showed that DAP is resistant to 13 different attacks and is therefore better and more cost effective than several other solutions from the literature. However, after carrying a deeper analysis we found that DAP is vulnerable to a complex attack that might lead to unauthorized transactions on ATMs if the user smartphone and his PIN code are both stolen. In this paper we expose how the user PIN code can be discretely discovered using multiple eavesdropping videos or camera records. We also propose several fixes for this vulnerability.

Citation

Chabbi, S., Chefrour, D. (2022). Vulnerability of the dynamic array PIN protocol. Ingénierie des Systèmes d’Information, Vol. 27, No. 1, pp. 41-47. https://doi.org/10.18280/isi.270105

URI

https://dspace.univ-soukahras.dz/handle/123456789/3590

Collections

Journal Articles

Full item page