An Intersection Attack on the CirclePIN Smartwatch Authentication Mechanism

dc.contributor.author: Djalel Chefrour
dc.contributor.author: Yasser Sedira
dc.contributor.author: Samir Chabbi
dc.date.accessioned: 2024-03-29T14:22:33Z
dc.date.available: 2024-03-29T14:22:33Z
dc.date.issued: 2024-04-01
dc.description.abstract: We present a thorough security analysis of a recent smartwatch authentication mechanism called CirclePIN, which was considered resilient to several attacks, including shoulder surfing and video recording. This mechanism avoids the direct entry of the personal identification number (PIN) by using consecutive screens of random colors that fool the attacker. We disclose a vulnerability in CirclePIN inherent to the way in which the users match the random colors to their PINs’ digits and we illustrate how to exploit it with an intersection attack. This attack uses the information extracted from multiple video recordings of legitimate authentication sessions. We prove that it has a high probability of revealing the user PIN with only three video recordings and always succeeds with five. Our proof is twofold. We formulate the theoretical probability of success for the attack as a function of the number of available video recordings. Then, we validate this formula with a simulation of a large number of attacks to compute their experimental probability of success. In our estimation, manual information extraction takes around 1 min per exploitable video recording. So, a complete intersection attack is cost effective in terms of time, as it lasts 5 min or less.
dc.description.sponsorship: Algerian Ministry of Higher Education and Scientific Research (Grant Number: PRFU C00L07UN410120230002)
dc.identifier.citation: D. Chefrour, Y. Sedira and S. Chabbi, "An Intersection Attack on the CirclePIN Smartwatch Authentication Mechanism," in IEEE Internet of Things Journal, vol. 11, no. 7, pp. 12485-12494, 1 April 2024, doi: 10.1109/JIOT.2023.3333964.
dc.identifier.issn: 2327-4662
dc.identifier.uri: https://dspace.univ-soukahras.dz/handle/123456789/3589
dc.language.iso: en_US
dc.publisher: IEEE Internet of Things Journal
dc.relation.ispartofseries: 11; 7
dc.title: An Intersection Attack on the CirclePIN Smartwatch Authentication Mechanism
dc.type: Article
Files
Original bundle
Name: 2024iot-chefrour.pdf
Size: 648.48 KB
Format: Adobe Portable Document Format