Researchers working through Carnegie Mellon University's CyLab have devised a new kind of security system that aims to block observation attacks and could be used to prevent snoopers from catching a glimpse of your PIN when you use an ATM. The researchers have published a paper (PDF) that describes their prototype system and reports the results of a usability study conducted on the machine with 38 participants.

When the researchers created their prototype, which is called Undercover and was built with a Lego Mindstorms robot, they set out to design a system that would be easy to use while limiting exposure to common attacks. Unlike many conventional security systems, which rely on a secret response such as a password, the Undercover system partially obfuscates the query instead. It does this by combining visual cues from images with tactile cues delivered by a rotating, vibrating ball that the user covers with one hand.

"Our proposal is the first to rely on the human ability to simultaneously process multiple sensory inputs to authenticate, and is resilient to most observation attacks," the study explains. "Our results show that users can authenticate within times comparable to that of graphical password schemes, with relatively low error rates, while being considerably better protected against observation attacks. Our design and evaluation process allows us to outline design principles for observation-resilient authentication systems."

Prior to authentication, the user selects a series of images for their identity portfolio. During authentication these images are displayed alongside other, randomly selected images that serve as distractors. In each round the user is shown a selection of images and must press one of a series of buttons to indicate whether any of the images belong to their identity portfolio. The response associated with each button varies from round to round and is revealed to the user only through the tactile behavior of the covered ball. Because the hidden ball changes what each button means, an attacker who watches many authentications still cannot determine which images are part of the user's portfolio.
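The following simulation is an added illustration of the scheme just described; it is not code from the CyLab paper or the Undercover prototype. The panel size, the number of buttons and the way the hidden cue remaps answers to buttons (modelled here as a random rotation) are assumptions made for the example, and the image labels are constructed. It shows why a shoulder-surfer who sees the screen and the button press but not the tactile cue learns nothing: the same naive analysis that recovers the whole portfolio from a static button mapping only produces noise once the mapping is hidden and re-randomized each round.

```python
import random
from collections import Counter

# Constructed parameters for the simulation. The article does not give the
# prototype's real panel size or button count, so these are assumptions.
PANEL_SIZE = 4                 # images shown per challenge
N_BUTTONS = PANEL_SIZE + 1     # one button per image position plus "none of these"


def build_panel(portfolio, distractors, rng):
    """Compose one challenge: PANEL_SIZE images, at most one from the portfolio."""
    if rng.random() < 0.5:
        images = [rng.choice(portfolio)] + rng.sample(distractors, PANEL_SIZE - 1)
    else:
        images = rng.sample(distractors, PANEL_SIZE)
    rng.shuffle(images)
    return images


def secret_answer(panel, portfolio):
    """The user's true answer: index of the portfolio image, or PANEL_SIZE for 'none'."""
    for i, image in enumerate(panel):
        if image in portfolio:
            return i
    return PANEL_SIZE


def button_for(answer, cue):
    """Assumed model of the tactile cue: it rotates the answer-to-button mapping."""
    return (answer + cue) % N_BUTTONS


def terminal_accepts(panel, portfolio, cue, pressed):
    """Terminal side: it knows the portfolio and the cue it sent, so it can check the press."""
    return button_for(secret_answer(panel, portfolio), cue) == pressed


def observable_buttons(answer):
    """Buttons an observer could see for one fixed answer, over all possible cues."""
    return Counter(button_for(answer, cue) for cue in range(N_BUTTONS))


def button_press_hides_answer():
    """True when every answer yields the same uniform spread of visible button presses."""
    spreads = [observable_buttons(a) for a in range(N_BUTTONS)]
    return all(s == spreads[0] for s in spreads) and len(spreads[0]) == N_BUTTONS


def run_session(portfolio, distractors, rounds, hidden_cue, seed=1):
    """Simulate an honest login; return (accepted, transcript a shoulder-surfer records)."""
    rng = random.Random(seed)
    accepted = True
    transcript = []                      # (visible panel, visible button press)
    for _ in range(rounds):
        panel = build_panel(portfolio, distractors, rng)
        cue = rng.randrange(N_BUTTONS) if hidden_cue else 0   # cue 0 = static mapping
        pressed = button_for(secret_answer(panel, portfolio), cue)
        accepted = accepted and terminal_accepts(panel, portfolio, cue, pressed)
        transcript.append((panel, pressed))
    return accepted, transcript


def naive_observer_recovery(transcript):
    """Observer assumes button i always means 'image at position i' (true only if static)."""
    scored = set()
    for panel, pressed in transcript:
        if pressed < PANEL_SIZE:
            scored.add(panel[pressed])
    return scored


# Constructed image labels for the demo
PORTFOLIO = ["cat", "bridge", "violin"]
DISTRACTORS = [f"distractor{i}" for i in range(20)]

if __name__ == "__main__":
    _, static = run_session(PORTFOLIO, DISTRACTORS, 200, hidden_cue=False)
    print("static mapping, observer recovers:", naive_observer_recovery(static))
    _, hidden = run_session(PORTFOLIO, DISTRACTORS, 200, hidden_cue=True)
    print("hidden cue, observer 'recovers':", naive_observer_recovery(hidden))
    print("visible press independent of answer:", button_press_hides_answer())
```

With the static mapping the observer's set is exactly the portfolio images that appeared on screen; with the hidden, per-round cue the same procedure scores distractors just as often as portfolio images, and `button_press_hides_answer()` shows why: for every possible answer the visible button is uniformly distributed over all buttons, so the press carries no information about the answer without the cue.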

Figure: The Undercover prototype unit

Figure: The Lego Mindstorms robot inside of the Undercover prototype unit

During extensive testing, the researchers found that the Undercover prototype system was significantly less vulnerable than conventional PINs to over-the-shoulder snooping and other similar low-tech observation attacks. The researchers also found that the system offers adequate ease of use for general adoption.

The Undercover prototype was primarily created with the ATM use case in mind, but the researchers note that it could be adapted for use in any number of authentication input scenarios including computer login and unlocking a cell phone. The researchers also point out that an image-based system is less vulnerable to conventional phishing because it precludes the possibility of creating fake authentication sessions to entrap unwary users.
