A Study on User Authentication Technology of Numeric based Pattern Password

  • Ju, Seung-Hwan (Dept. of Computer Science Engineering, Korea University of Technology and Education)
  • Seo, Hee-Suk (Dept. of Computer Science Engineering, Korea University of Technology and Education)
  • Received : 2012.04.26
  • Accepted : 2012.08.02
  • Published : 2012.09.30

Abstract

The traditional text-based password is vulnerable to guessing, dictionary attacks, keyloggers, social engineering, shoulder surfing, etc., and these vulnerabilities are a more serious problem in a mobile environment. In this study, the user enters an existing four-digit numeric password by using number patterns, so users can easily adopt the new password system. The pattern-based numeric password authentication technology proposed in this paper strengthens the security of the existing password, with its 10 possible numbers, when authenticating a user, and it does not reduce convenience: it provides high security while users memorize only four numbers, as in the old method. Because it raises complexity without inconveniencing users, it is resistant to an attacker's shoulder-surfing attack. So I study a password system based on the shapes of numbers. I propose a new password system to prevent peeking attacks and brute-force attacks, and review its security and usability.

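Existing text-based passwords are vulnerable to attacks such as guessing, dictionary attacks, keyloggers, social engineering, shoulder surfing, and spyware, and this is an even more serious problem in mobile environments. Shoulder surfing is one of the representative attacks on passwords: the attacker can obtain information about the password by directly observing the login process or by recording the user's authentication process. We conducted research to address these weaknesses. The pattern-based numeric password authentication technology proposed in this paper aims to strengthen the security of existing passwords by authenticating the user with a long pattern sequence, while providing high security and preserving ease of use by requiring the user to remember only four numbers. As a result, we propose a new password system that is convenient to use and prevents shoulder-surfing and brute-force attacks, and we examine its security and usability.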

Cited by

  1. Suitable Health Pattern Type Mapping Techniques in Body Mass Index vol.21, pp.2, 2012, https://doi.org/10.9708/jksci.2016.21.2.105