A Secure Augmented Reality (AR)-Based Authentication Mechanism for Automated Teller Machines
Journal article   Open access   Peer reviewed

Md. Touhid Islam, Md Yeasin Ali, Md. Ishmam Tasin, Md. Masum Alam Nahid, Fairuz Rahaman Chowdhury, Hossain Shahriar, Farida Chowdhury, S. M. Taiabul Haque and Md Sadek Ferdous
IEEE Access, Vol. 14, pp. 39926-39948
03/04/2026
Web of Science ID: WOS:001717581500029

Abstract

Personal Identification Numbers (PINs) are widely used for authentication in systems like ATMs due to their simplicity. However, in public or monitored environments, they remain highly vulnerable to shoulder-surfing attacks via direct observation, CCTV recording, or eavesdropping. This research proposes an Augmented Reality (AR) solution that overlays a randomized PIN layout on the user's smartphone, creating an additional visual security layer without requiring hardware modifications to existing ATMs. Using the Design Science Research Methodology, we define system requirements and a comprehensive threat model based on STRIDE, extended with ATM-specific scenarios. To ensure real-world applicability, the system is designed to comply with the ISO-8583 financial messaging standard, marking the first academic effort to do so in this context. A secure PIN layout is generated using the Mersenne Twister PRNG combined with the Fisher-Yates shuffle algorithm, ensuring unpredictability in the augmented PIN pads. Despite the introduction of a virtual pinpad, the system does not replace the physical pinpad and maintains compliance with the logical security requirements of Electronic Pinpads (EPP) as defined by the PCI Security Standards Council. We perform a formal security analysis using ProVerif, represent the adversary's state progression using a Markov Chain model, and use Monte Carlo simulations to quantify the attacker's success probability, showing that the proposed system significantly outperforms traditional ATMs, with resistance increasing quadratically as $Y = 0.25x^{2} + 0.91x + 0.22$. Finally, a user study confirms a positive attitude toward adoption of this user-centric approach, where users have increased control over the interface while entering the PIN.
Published (Version of record); Open access; CC BY 4.0
