Abstract—Peeping attacks are a growing problem: a Peeping Tom looks over someone's shoulder while he/she keys personal data into a computer or enters a password at an ATM kiosk. An external device may also be placed to trap the user and capture valuable information, such as passwords or ATM card PIN numbers, as the user types. This form of attack is commonly known as a Shoulder Surfing attack. Shoulder Surfing is a critical way of learning information about a person who is working on a system. It is relatively easy to stand next to someone and watch what data the user types to authenticate himself/herself to a particular system. This paper provides a solution to the problem of loss of ATM account PIN numbers, which could be obtained either through direct observation by Peeping Toms or by means of external vision-enhancing devices. The proposed solution also prevents an eavesdropper from obtaining information by tapping the PIN number flowing over an interconnected ATM network. No encryption technique is required for encrypting the PIN numbers sent from ATM machines to the database. The proposed solution is also resistant to replay attacks, in which a user observes the movements of a person who is keying in information and then repeats his/her actions to authenticate. Thus the proposed solution is very effective.
Index Terms—Authentication, Shoulder Surfing or Peeping attack, Pin Number, Cryptosystem
Cite: Divyans Mahansaria, "Secure Password Entry Scheme in ATM Network which Is Resistant to Peeping Attacks," International Journal of Engineering and Technology, vol. 1, no. 2, pp. 142-145, 2009.