Article: On the adoption of scramble keypad for unlocking PIN-protected smartphones Journal: International Journal of Information and Computer Security (IJICS) 2021 Vol.15 No.1 pp.1 - 17 Abstract: Personal identification number (PIN) is a simple and effective mechanism for screen unlocking but is susceptible to a number of attacks. Scramble keypad is a method that can improve the security of PIN by changing the keypad layout in each PIN-entry process. However, scramble keypad has not been provided as a standard feature in Android and iOS. In this work, we conducted a security and usability analysis of scramble keypad through theoretical analysis and user studies. The security analysis shows that scramble keypad can perfectly defend smudge attacks and greatly reduce the threats of side-channel attacks. It also has a significantly better chance to defend shoulder surfing attacks than standard keypad. The compromising of usability of scramble keypad for the improved security was also investigated. The results suggest that it is worthy to provide scramble keypad as a standard option of mobile operating systems for unlocking PIN-protected smartphones. Inderscience Publishers - linking academia, business and industry through research

Title: On the adoption of scramble keypad for unlocking PIN-protected smartphones

Authors: Geetika Kovelamudi; Bryan Watson; Jun Zheng; Srinivas Mukkamala

Addresses: Department of Computer Science and Engineering, New Mexico Institute of Mining and Technology, Socorro, NM, 87801, USA ' Department of Computer Science and Engineering, New Mexico Institute of Mining and Technology, Socorro, NM, 87801, USA ' Department of Computer Science and Engineering, New Mexico Institute of Mining and Technology, Socorro, NM, 87801, USA ' The Institute of Complex Additive Systems Analysis, New Mexico Institute of Mining and Technology, Socorro, NM, 87801, USA; RiskSense, Inc., Albuquerque, NM, 87109, USA

Abstract: Personal identification number (PIN) is a simple and effective mechanism for screen unlocking but is susceptible to a number of attacks. Scramble keypad is a method that can improve the security of PIN by changing the keypad layout in each PIN-entry process. However, scramble keypad has not been provided as a standard feature in Android and iOS. In this work, we conducted a security and usability analysis of scramble keypad through theoretical analysis and user studies. The security analysis shows that scramble keypad can perfectly defend smudge attacks and greatly reduce the threats of side-channel attacks. It also has a significantly better chance to defend shoulder surfing attacks than standard keypad. The compromising of usability of scramble keypad for the improved security was also investigated. The results suggest that it is worthy to provide scramble keypad as a standard option of mobile operating systems for unlocking PIN-protected smartphones.

Keywords: scramble keypad; PIN unlock; mobile security; usability; attacks.

DOI: 10.1504/IJICS.2021.115345

International Journal of Information and Computer Security, 2021 Vol.15 No.1, pp.1 - 17

Received: 13 Jun 2017
Accepted: 20 Mar 2018
Published online: 01 Jun 2021 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article

Title: On the adoption of scramble keypad for unlocking PIN-protected smartphones

Keep up-to-date