The Journal of the Korea Contents Association (한국콘텐츠학회논문지)

The Korea Contents Association (한국콘텐츠학회)
권호 표지
DOI QR코드

DOI QR Code

Hangul Password System for Preventing Shoulder-Surfing

훔쳐보기 방지를 위한 한글 패스워드 시스템

  • 김종우 (부산대학교 U-Port정보기술산학공동사업단) ;
  • 김성환 (부산대학교 컴퓨터공학과) ;
  • 박선영 (부산대학교 컴퓨터공학과) ;
  • 조환규 (부산대학교 컴퓨터공학과)
  • Received : 2010.11.09
  • Accepted : 2011.01.19
  • Published : 2011.04.28
Download PDF
⟨ Previous Next ⟩

Abstract

Although conventional text-based passwords are used as the most common authentication method, they have significant drawbacks such as guess attacks, dictionary attacks, key loggers, and shoulder-surfing. To address the vulnerabilities of traditional text-based passwords, graphical password schemes have been developed as possible alternative solutions, but they have a potential drawback that they are more vulnerable to shoulder-surfing than conventional text-based passwords. In this paper, we present a new Hangul password input method to prevent shoulder-surfing attacks. Our approach uses Hangul as a password, and it requires the users to locate their password in the given wheeling password grid instead of entering the password. Our approach makes it difficult for attackers to observe a user's password since the system shows the users' passwords with decoy characters as the noise on the screen. Also, we provide security analysis for random attacks, dictionary attacks, and shoulder-surfing attacks, and it shows that our password system is robust against these attacks.

전통적인 텍스트 기반 패스워드들은 가장 일반적인 인증 방법으로 사용되고 있음에도 불구하고, 추측, 사전공격, 키 로거, 훔쳐보기와 같은 심각한 문제점을 가지고 있다. 이러한 문제점을 개선하기 위한 대안으로 그래피컬 패스워드에 대한 연구 및 개발이 이루어져 왔다. 하지만 그래피컬 패스워드는 전통적인 텍스트 기반 패스워드에 비해 오히려 훔쳐보기 공격에 더 취약하다는 문제점을 가지고 있다. 본 논문에서는 훔쳐보기 방지를 위한 한글 기반의 새로운 패스워드 입력 방법을 제안한다. 제안 방법은 패스워드로 한글을 사용하고, 사용자가 패스워드를 직접 입력하는 대신 회전하는 그리드 상에 패스워드를 위치시키도록 한다. 제안 방법은 로그인 화면에서 사용자의 패스워드를 유인 문자와 함께 보여줌으로써 공격자가 패스워드를 훔쳐보는 것을 어렵게 만든다. 본 논문에서는 제안 방법에 대한 무작위 공격, 사전공격 및 훔쳐보기 공격에 대한 안전성을 분석하였으며, 분석 결과는 이들 공격에 대해 안전하다는 것을 보여준다.

Keywords

References

  1. A. H. Lashkari, O. B. Zakaria, S. Farmand, and R. Saleh, "Shoulder surfing attack in graphical password authentication," International Journal of Computer Science and Information Security, Vol.6, No.2, pp.145-154, 2009.
  2. I. Jermyn, A. Mayer, F. Monrose, M. Reiter, and A. Rubin, "The design and analysis of graphical passwords," Proc. of the 8th USENIX Security Symposium, 1999.
  3. http://www.gridsure.com/
  4. http://www.passfaces.com/
  5. X. Suo, Y. Zhu, and G. S, Owen, "Graphical passwords: A survey," Proc. of the 21st Annual Computer Security Applications Conference, pp.463-472, 2005.
  6. S. Chiasson, P. C. van Oorschot, and R. Biddle, "Graphical password authentication using cued click points," Proc. of ESORICS 2007, pp.359-374, 2007.
  7. H. Tao and C. Adams, "Pass-go: A proposal to improve the usability of graphical passwords," International Journal of Network Security, Vol.7, No.2, pp.273-292, 2008.
  8. D. Weinshall, "Cognitive authentication schemes safe against spyware," Proc. of IEEE Symposium on Security and Privacy, pp.295-300, 2006. https://doi.org/10.1109/SP.2006.10
  9. Y. Berger, A. Wool, and A. Yeredor, "Dictionary attacks using keyboard acoustic emanations," Proc. of the 13th ACM Conf. on Computer and Communications Security, pp.245-254, 2006.
  10. M. G. Kuhn, "Electromagnetic evaesdropping risks of flat-panel displays," Proc. of the 4th Workshop on Privacy Enhancing Technologies, pp.23-25, 2004.
  11. B. Hoanca and K. Mock, "Screen oriented technique for reducing the incidence of shoulder surfing," Proc. of the Int. Conf. on Security and Management 2005, pp.334-340, 2005.
  12. S. Wiedenbeck, J. Waters, L. Sobrado, and J.-C. Birget, "Design and evaluation of a shoulder-surfing resistant graphical password scheme," Proc. of AVI 2006, pp.177-184, 2006.
  13. M. Kumar, T. Garfinkel, D. Boneh, and T. Winograd, "Reducing shoulder-surfing by using gaze-based password entry," Proc. of the Symposium On Usable Privacy and Security, pp.13-19, 2007.
  14. D. S. Tan, P. Keyani, and M. Czerwinski, "Spy-resistant keyboard: More secure password entry on public touch screen displays," Proc. of 17th Australia Conf. on Computer-Human Interaction, pp.1-10, 2005.