
Distributed PIN Verification Scheme for Improving Security of Mobile Devices

Mobile Networks and Applications

Abstract

The main driving force behind the rapid acceptance of small-sized mobile devices is the capability to perform e-commerce transactions at any time and in any place, especially while on the move. There are, however, also weaknesses in this type of e-commerce, often called mobile e-commerce or m-commerce. Due to their small size and easy portability, mobile devices can easily be lost or stolen. Whereas the economic values and privacy threats protected with Personal Identification Numbers (PINs) are not particularly high for normal voice-enabled mobile phones, this is no longer true once phones have developed into Personal Trusted Devices (PTDs). Still, PINs are also used in this new context for authorization and identification purposes. PINs are currently used both for protection of the devices and for authentication and authorization of the users. It is commonly recognized that few techniques for storing PINs in the memory of the device or on the SIM card are safe. Even less sophisticated thieves might uncover the PIN inside a stolen mobile device, and for sophisticated thieves uncovering even a PIN stored “safely” might be possible. In this paper we propose a new scheme to cope with the problem of uncovering the PIN, one that reduces the risks of m-commerce. The basic idea is that instead of storing all of the PIN digits (or some hash value) in the mobile device, we store part of the PIN on a remote machine in the network. PIN verification then involves both the mobile device and the remote machine, each of which must verify its respective part of the PIN. The improvement in security over the existing schemes is also shown using a probabilistic model. In the best case, where the probability of discovering the PIN irrespective of the storage scheme is negligible in relation to directly uncovering it, the increase in security is over 1000%.
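A minimal sketch of the split-verification idea described in the abstract, added here as an illustration and not taken from the paper. The split position, the PBKDF2 hashing of each part, the three-attempt lockout and all names (`Share`, `RemoteVerifier`, `enroll`, `verify_pin`, `residual_guess_probability`) are assumptions, since the abstract does not specify them.

```python
import hashlib, hmac, os
from fractions import Fraction

def _digest(salt, digits):
    # Salted, iterated hash so neither side stores raw digits (assumed choice).
    return hashlib.pbkdf2_hmac("sha256", digits.encode(), salt, 10_000)

class Share:
    """One party's stored part of the PIN: a salt plus a digest of its digits."""
    def __init__(self, digits):
        self.salt = os.urandom(16)
        self.digest = _digest(self.salt, digits)

    def matches(self, digits):
        return hmac.compare_digest(self.digest, _digest(self.salt, digits))

class RemoteVerifier:
    """Network-side party: holds only the remote part, locks after max_tries."""
    def __init__(self, digits, max_tries=3):
        self.share, self.max_tries, self.failures = Share(digits), max_tries, 0

    def verify(self, digits):
        if self.failures >= self.max_tries:
            return False                  # locked out, guesses are refused
        if self.share.matches(digits):
            self.failures = 0
            return True
        self.failures += 1
        return False

def enroll(pin, split, max_tries=3):
    """Split the PIN: digits before `split` stay on the device, the rest go remote."""
    return Share(pin[:split]), RemoteVerifier(pin[split:], max_tries)

def verify_pin(entered, split, device_share, remote):
    """Accept only if the device and the remote machine both accept their part."""
    if not device_share.matches(entered[:split]):
        return False                      # local failure, remote not contacted
    return remote.verify(entered[split:])

def residual_guess_probability(remote_len, max_tries):
    # Chance that someone holding the device part guesses the remote part
    # before lockout, assuming uniformly random digits (not the paper's model).
    return Fraction(min(max_tries, 10 ** remote_len), 10 ** remote_len)

if __name__ == "__main__":
    dev, net = enroll("4917", split=2)    # constructed sample PIN
    print(verify_pin("4917", 2, dev, net), residual_guess_probability(2, 3))
```

Everything recoverable from a lost device is the `Share` for the device part; the remaining digits can only be tested against `RemoteVerifier`, which stops answering after the lockout threshold.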




Cite this article

Tang, J., Terziyan, V. & Veijalainen, J. Distributed PIN Verification Scheme for Improving Security of Mobile Devices. Mobile Networks and Applications 8, 159–175 (2003). https://doi.org/10.1023/A:1022289231864


  • DOI: https://doi.org/10.1023/A:1022289231864
