Open AccessVulnerability of the Dynamic Array PIN Protocol
Author(s) -
Samir Chabbi,
Djalel Chefrour
Publication year - 2022
Publication title -
ingénierie des systèmes d'information/ingénierie des systèmes d'information
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.161
H-Index - 8
eISSN - 2116-7125
pISSN - 1633-1311
DOI - 10.18280/isi.270105
Subject(s) - eavesdropping , vulnerability (computing) , computer science , computer security , protocol (science) , code (set theory) , authentication (law) , embedded system , computer network , programming language , medicine , alternative medicine , set (abstract data type) , pathology
We recently proposed the Dynamic Array PIN protocol (DAP), which is a novel approach for user authentication on Automated Teller Machines. DAP replaces bank cards with smartphones that support Near Field Communication (NFC) and allows a user to enter his PIN code in a secure way. We showed that DAP is resistant to 13 different attacks and is therefore better and more cost effective than several other solutions from the literature. However, after carrying a deeper analysis we found that DAP is vulnerable to a complex attack that might lead to unauthorized transactions on ATMs if the user smartphone and his PIN code are both stolen. In this paper we expose how the user PIN code can be discretely discovered using multiple eavesdropping videos or camera records. We also propose several fixes for this vulnerability.