Title: On the adoption of scramble keypad for unlocking PIN-protected smartphones
Authors: Geetika Kovelamudi; Bryan Watson; Jun Zheng; Srinivas Mukkamala
Addresses: Department of Computer Science and Engineering, New Mexico Institute of Mining and Technology, Socorro, NM, 87801, USA ' Department of Computer Science and Engineering, New Mexico Institute of Mining and Technology, Socorro, NM, 87801, USA ' Department of Computer Science and Engineering, New Mexico Institute of Mining and Technology, Socorro, NM, 87801, USA ' The Institute of Complex Additive Systems Analysis, New Mexico Institute of Mining and Technology, Socorro, NM, 87801, USA; RiskSense, Inc., Albuquerque, NM, 87109, USA
Abstract: Personal identification number (PIN) is a simple and effective mechanism for screen unlocking but is susceptible to a number of attacks. Scramble keypad is a method that can improve the security of PIN by changing the keypad layout in each PIN-entry process. However, scramble keypad has not been provided as a standard feature in Android and iOS. In this work, we conducted a security and usability analysis of scramble keypad through theoretical analysis and user studies. The security analysis shows that scramble keypad can perfectly defend smudge attacks and greatly reduce the threats of side-channel attacks. It also has a significantly better chance to defend shoulder surfing attacks than standard keypad. The compromising of usability of scramble keypad for the improved security was also investigated. The results suggest that it is worthy to provide scramble keypad as a standard option of mobile operating systems for unlocking PIN-protected smartphones.
Keywords: scramble keypad; PIN unlock; mobile security; usability; attacks.
DOI: 10.1504/IJICS.2021.115345
International Journal of Information and Computer Security, 2021 Vol.15 No.1, pp.1 - 17
Received: 13 Jun 2017
Accepted: 20 Mar 2018
Published online: 01 Jun 2021 *