Design of a Resilient System against Shoulder Surfing Attack: Adaptable to USSD Channel

Abstract

Abstract The most widely accepted authentication method involves the use of a personal identification number (PIN). This method is applicable across many technologies, of which one of which is Unstructured Supplementary service data (USSD). USSD is a capability built into Global System for Mobile Communication (GSM) mobile phones. In some third-world countries like Nigeria, this technology is used in carrying out financial transactions. It has been observed that while carrying out banking transactions using this technology, users' PIN entered for authentication appears in plain text on the mobile interface, thereby subjecting it to shoulder surfing attacks. Findings revealed that users' PIN appears in plain text because USSD technology is designed to convey only textual data. That is why many existing authentication methods against Human shoulder surfing attack which contains features like images, colors, or graphical password, that can provide security to users' PIN on mobile interface are not implemented on the USSD channel. This research is, therefore, on the design of a new authentication method that can provide security to users’ PIN at the mobile interface, against shoulder surfing attacks which can be implemented on the USSD channel. In this method, the challenge response approach is adopted to provide a secure PIN entry method in the presence of a human shoulder surfer, using the Randomization obfuscation method that randomly places the user's chosen PIN within randomly generated 10-digit numbers, in Left to Right order. For further security, the model designed named “Mobisafe” include features like; Bag of Soft Biometrics (BoSB) details and one-time password (OTP).