This research investigates the use of a multi-threaded framework as a software countermeasure mechanism to prevent attacks on the verifypin process in a pin-acceptance program. The implementation comprises of using various mathematical operations along side a pin-acceptance program in a multi-threaded environment. These threads are inserted randomly on each execution of the program to create confusion for the attacker. Moreover, the research proposes a more improved version of the pin-acceptance program by segmenting the pro-gram. The conventional approach is to check each character one at a time. This research takes the verifying process and separates each character check into its individual thread. Furthermore, the order of each verified thread is randomised. This further assists in the obfuscation of the process where the system checks for a correct character. Finally, the research demonstrates it is able to be more secure than the conventional countermeasures of random time delays and insertion of dummy code.
Reference:
Frieslaar, I. and Irwin, B. 2016. A multi-threading approach to secure VERIFYPIN. 2016 2nd International Conference on Frontiers of Signal Processing (ICFSP), 15-17 October 2016, Warsaw, Poland, p. 32-37. DOI: 10.1109/ICFSP.2016.7802952
Frieslaar, I., & Irwin, B. (2016). A multi-threading approach to secure VERIFYPIN. IEEE. http://hdl.handle.net/10204/9117
Frieslaar, Ibraheem, and B Irwin. "A multi-threading approach to secure VERIFYPIN." (2016): http://hdl.handle.net/10204/9117
Frieslaar I, Irwin B, A multi-threading approach to secure VERIFYPIN; IEEE; 2016. http://hdl.handle.net/10204/9117 .
Copyright: 2016 IEEE. Due to copyright restrictions, the attached PDF file only contains the abstract of the full text item. For access to the full text item, please consult the publisher's website.