A birthday present every eleven wallets? The security of customer-chosen banking PINs

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 7397 LNCS, Issue , 2012, Pages 25-40

  Bonneau, Joseph ^a   Preibusch, Sören ^a   Anderson, Ross ^a  

^a UNIVERSITY OF CAMBRIDGE   (United Kingdom)

Author keywords

[No Author keywords available]

Indexed keywords

ATM CARDS; BANKING CUSTOMERS; DOMINANT FACTOR; REGRESSION MODEL;

CRYPTOGRAPHY; REGRESSION ANALYSIS; SALES;

SECURITY OF DATA;

EID: 84865812253     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-32946-3_3     Document Type: Conference Paper

References (21)

1. EMV Integrated Circuit Card Standard for Payment Systems version 4.2. EMVco (2008)
2. Issuer PIN Security Guidelines. Technical report, VISA (November 2010)
3. ISO 9564:2011 Financial services - Personal Identification Number (PIN) management and security. International Organisation for Standardisation (2011)
4. Bátiz-Lazo, B., Reid, R.J.: The Development of Cash-Dispensing Technology in the UK. IEEE Annals of the History of Computing 33, 32-45 (2011)
5. Bond, M., Zieliński, P.: Decimalisation table attacks for PIN cracking. Technical Report UCAM-CL-TR-560, University of Cambridge (January 2003)
6. Bonneau, J., Just, M., Matthews, G.: What's in a Name? Evaluating Statistical Attacks against Personal Knowledge Questions. In: Sion, R. (ed.) FC 2010. LNCS, vol. 6052, pp. 98-113. Springer, Heidelberg (2010)
7. Boztas, S.: Entropies, Guessing, and Cryptography. Technical Report 6, Department of Mathematics, Royal Melbourne Institute of Technology (1999)
8. Burr, W.E., Dodson, D.F., Polk, W.T.: Electronic Authentication Guideline. NIST Special Publication 800-63 (April 2006)
9. Cachin, C.: Entropy measures and unconditional security in cryptography. PhD thesis, ETH Zürich (1997)
10. Drimer, S., Murdoch, S.J., Anderson, R.: Optimised to Fail: Card Readers for Online Banking. In: Dingledine, R., Golle, P. (eds.) FC 2009. LNCS, vol. 5628, pp. 184-200. Springer, Heidelberg (2009)
11. Florêncio, D., Herley, C.: A large-scale study of web password habits. In: WWW 2007: Proceedings of the 16th International Conference on World Wide Web, pp. 657-666. ACM, New York (2007)
12. Ivan, A., Goodfellow, J.: Improvements in or relating to Customer-Operated Dispensing Systems. UK Patent #GB1197183 (1966)
13. Kuhn, M.: Probability Theory for Pickpockets-ec-PIN Guessing. Technical report, Purdue University (1997)
14. Massey, J.L.: Guessing and Entropy. In: Proceedings of the 1994 IEEE International Symposium on Information Theory, p. 204 (1994)
15. Morris, R., Thompson, K.: Password security: a case history. Commun. ACM 22(11), 594-597 (1979)
16. Murdoch, S.J., Drimer, S., Anderson, R., Bond, M.: Chip and PIN is Broken. In: IEEE Symposium on Security and Privacy, pp. 433-446 (2010)
17. Pliam, J.O.: On the Incomparability of Entropy and Marginal Guesswork in Brute-Force Attacks. In: Roy, B., Okamoto, E. (eds.) INDOCRYPT 2000. LNCS, vol. 1977, pp. 67-79. Springer, Heidelberg (2000)
18. Singh, S., Cabraal, A., Demosthenous, C., Astbrink, G., Furlong, M.: Password Sharing: Implications for Security Design Based on Social Practice. In: CHI 2007: Proceedings of the SIGCHI Conference on Human factors in Computing Systems, pp. 895-904. ACM, New York (2007)
19. Spafford, E.: Observations on Reusable Password Choices. In: Proceedings of the 3rd USENIX Security Workshop (1992)
20. van Oorschot, P.C., Thorpe, J.: On Predictive Models and User-Drawn Graphical Passwords. ACM Trans. Inf. Syst. Secur. 10(4), 1-33 (2008)
21. Weir, M., Aggarwal, S., Collins, M., Stern, H.: Testing metrics for password creation policies by attacking large sets of revealed passwords. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, pp. 162-175. ACM, New York (2010)