Finger-drawn PIN Authentication on Touch Devices


PIN authentication is widely used thanks to its simplicity and usability, but it is known to be susceptible to shoulder surfing. In this paper, we propose a novel online finger-drawn PIN authentication technique that lets a user draw a PIN on a touch interface with her finger. The system provides some resilience to shoulder surfing without increasing authentication delay and complexity by using both the PIN as well as a behavioral biometric in user verification. Our approach adopts the Dynamic Time Warping (DTW) algorithm to compute dissimilarity scores between PIN samples. We evaluate our system in two shoulder surfing scenarios: 1) PIN attack where the attacker only knows the victim’s PIN but has no information about it’s drawing characteristic and 2) Imitation attack where an attacker has access to a dynamic drawing sequence of a victim’s finger-drawn PIN in the form of multiple observations. Experimental results with a data set of 40 users and 2400 imitating samples from two attacks yield an Equal Error Rate (EER) of 6.7% and 9.9% respectively, indicating the need for further study on this promising authentication mechanism.

in Proceedings of International Conference on Image Processing (ICIP), pp. 5002 - 5006, Paris, France, October 2014