Seamless Security on Mobile Devices Textual Password Quantification Model Based Usability Evaluation of Secure Rotary Entry Pad Authentication
DOI:
https://doi.org/10.30812/matrik.v22i2.2700
Keywords:
JSON Web Token, Mobile Device, Rotary Entry Pad, Shoulder Surfing Attack, TQ-Model, Usability Evaluation
Abstract
Mobile devices are vulnerable to shoulder surfing and smudge attacks, which can occur when a user enters a PIN for authentication purposes. These attacks can be avoided by implementing a rotary entry pad mechanism. Despite this, several studies have found that using a rotary entry pad reduces usability. This study uses a Design Research Methodology approach. It implements rotary entry pad authentication in the Android operating system as an authentication method to protect the device against shoulder surfing attacks and smudge attacks. Furthermore, it incorporates JSON Web Token (JWT) to secure the authentication process from the client to the server. After implementation, the scheme was compared with other studies in terms of usability and evaluated using the TQ-Model, which showed that the usability aspect has improved. Regarding security, we conducted a shoulder surfing attack simulation to assess the efficacy of guessing PINs. The results showed that only a limited number of attempts were successful, with two out of five samples failing to guess any numbers and only one sample successfully guessing six 10-digit PIN combinations out of 10 to the power of 10. The security test results show that shoulder surfing attacks are more difficult to perform after implementing the rotary entry pad. The evaluation showed that the JSpinpad performed better, with seven parameters showing improvement, one parameter showing a decline, and ten parameters remaining unchanged.