IFTT-PIN: A Self-Calibrating PIN-Entry Method

Kathryn McConkey, Talha Enes Ayranci, Mohamed Khamis, Jonathan Grizou

TL;DR

This paper introduces self-calibration as a paradigm to personalize interfaces without explicit calibration, using IFTT-PIN as a case study. IFTT-PIN lets users assign meanings to on-screen buttons on the fly and infers both the PIN digits and the button mappings. A user study (N=24) against shoulder-surfing attacks shows significantly reduced decoding rates (about 8.5x) with a modest 1.4x decrease in entry rate, yielding a favorable security-usability trade-off. The findings suggest self-calibrating interfaces can be memorable and have potential for broader, more inclusive interactive devices, with future work proposed to expand applications and refine usability.

Abstract

Personalising an interface to the needs and preferences of a user often incurs additional interaction steps. In this paper, we demonstrate a novel method that enables the personalising of an interface without the need for explicit calibration procedures, via a process we call self-calibration. A second-order effect of self-calibration is that an outside observer cannot easily infer what a user is trying to achieve because they cannot interpret the user's actions. To explore this security angle, we developed IFTT-PIN (If This Then PIN) as the first self-calibrating PIN-entry method. When using IFTT-PIN, users are free to choose any button for any meaning without ever explicitly communicating their choice to the machine. IFTT-PIN infers both the user's PIN and their preferred button mapping at the same time. This paper presents the concept, implementation, and interactive demonstrations of IFTT-PIN, as well as an evaluation against shoulder surfing attacks. Our study (N=24) shows that by adding self-calibration to an existing PIN entry method, IFTT-PIN statistically significantly decreased PIN attack decoding rate by ca. 8.5 times (p=1.1e-9), while only decreasing the PIN entry encoding rate by ca. 1.4 times (p=0.02), leading to a positive security-usability trade-off. IFTT-PIN's entry rate significantly improved 21 days after first exposure (p=3.6e-6) to the method, suggesting self-calibrating interfaces are memorable despite using an initially undefined user interface. Self-calibration methods might lead to novel opportunities for interaction that are more inclusive and versatile, a potentially interesting challenge for the community. A short introductory video is available at https://youtu.be/pP5sfniNRns.

Paper Structure (38 sections, 1 equation, 5 figures, 5 tables)

Figures (5)

  • Figure 1: Breakdown of our ROTH interface.
  • Figure 2: Elements of language. An action conveys a meaning that is used to infer an intent.
  • Figure 3: One step of the inference process in ROTH where the action-to-meaning mapping is known.
  • Figure 4: Top: Changes between ROTH and IFTT-PIN. We increased the number of buttons from 2 to 9 to increase the possible color patterns from 2 to 510, and buttons are now undefined (black). Bottom: Examples of choice of button-to-color mapping. At least one button should be assigned to yellow and one to gray.
  • Figure 5: Illustration of inconsistency detection for digits 0 to 3 after one, four, and eight clicks from a typical interaction. After each iteration, a dot is placed on the button pressed by the user and is given the color that the digit had when the button was pressed. Green squares highlight buttons of interest for which the hypothesis is consistent. Red ones highlight inconsistencies, meaning the same button would have been used to mean two different colors. Notice how none of the hypotheses share the same button-to-color mapping, yet several mappings can remain consistent for many steps. For example, after 4 clicks, hypotheses 1 and 3 disagree on the color to assign to the middle button. Yet, in both cases, the usage of the button is consistent and thus both hypotheses remain valid.
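
The inconsistency detection described in the Figure 5 caption can be sketched as follows. This is an added example, not the authors' implementation; the function names, the independent random recoloring of digits at each click, and the user's uniform choice among buttons of the right color are assumptions made for illustration.

```python
import itertools
import random

COLORS = ("yellow", "gray")
N_BUTTONS = 9
DIGITS = range(10)

def count_valid_mappings():
    """Button-to-color mappings that use both colors at least once (2**9 - 2)."""
    return sum(1 for m in itertools.product(COLORS, repeat=N_BUTTONS)
               if set(m) == set(COLORS))

def update(hypotheses, digit_colors, button):
    """Process one click. Under the hypothesis 'the user wants digit d', the
    pressed button must mean the color d currently shows. A hypothesis is
    dropped when that contradicts an earlier use of the same button."""
    survivors = {}
    for d, mapping in hypotheses.items():
        seen = mapping.get(button)
        if seen is None or seen == digit_colors[d]:
            survivors[d] = {**mapping, button: digit_colors[d]}
    return survivors

def infer_digit(target, user_mapping, rng, max_clicks=200):
    """Simulate a user entering `target` with a private button->color mapping.
    Returns (inferred digit, inferred partial mapping, clicks used)."""
    hypotheses = {d: {} for d in DIGITS}
    by_color = {c: [b for b, col in user_mapping.items() if col == c]
                for c in COLORS}
    for clicks in range(1, max_clicks + 1):
        # Assumption: every digit is recolored independently at each step.
        digit_colors = {d: rng.choice(COLORS) for d in DIGITS}
        # The user presses any button they privately assigned to that color.
        button = rng.choice(by_color[digit_colors[target]])
        hypotheses = update(hypotheses, digit_colors, button)
        if len(hypotheses) == 1:
            (digit, mapping), = hypotheses.items()
            return digit, mapping, clicks
    raise RuntimeError("no unique consistent hypothesis")

if __name__ == "__main__":
    # Constructed sample mapping: buttons 0-3 mean yellow, 4-8 mean gray.
    secret = {b: ("yellow" if b < 4 else "gray") for b in range(N_BUTTONS)}
    digit, mapping, clicks = infer_digit(7, secret, random.Random(0))
    print(digit, clicks, mapping, count_valid_mappings())
```

The true digit's hypothesis can never be eliminated because the user's own mapping is consistent by construction, while the surviving hypothesis also reveals the part of the button mapping the user actually exercised.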