Password-based user authentication scheme using a dual-display method

  • Yong, Seung-Lim (Dept. of Computer Systems and Engineering, Inha Technical College)
  • Received: 2015.01.03
  • Reviewed: 2015.01.17
  • Published: 2015.01.31

Abstract

In this paper, we propose a password input method for mobile environments that is secure against shoulder-surfing attacks (SSA) and convenient for users. The proposed method is a numeric password input method, like the conventional PIN method. Each button displays two pieces of information at once: a number and a color. To enter the password, the user selects either the color or the number shown on a button. Because an attacker does not know whether the user entered the color or the number, the proposed method can be safe from shoulder-surfing attacks. In addition, the number and color information is changed randomly, which makes the method robust against smudge attacks and password guessing attacks.
