DOI QR코드

DOI QR Code

스마트폰에서 가속도 센서와 진동 센서를 이용한 PIN 입력 기법

Technique for PIN Entry Using an Accelerometer Sensor and a Vibration Sensor on Smartphone

  • 투고 : 2017.07.20
  • 심사 : 2017.08.16
  • 발행 : 2017.12.31

초록

스마트폰의 가속도 센서로 사용자의 걸음이나 행동을 분석하여 사용자 인증을 하는 연구는 이전에도 있었으나, PIN 입력에 적용하기에는 사용자 편의성이 낮아서 부족한 면이 있었다. 이 논문에서는 스마트폰의 스크린을 직접 터치하는 것이 아니라, 스마트폰의 진동 센서와 가속도 센서를 이용하여 PIN을 입력하는 기법을 제안한다. 우리는 제안한 기법을 이용하여 사용성 실험을 진행하였고 사용자가 이 기법에 익숙해짐에 따라 사용성이 높아진다는 것과 그로인해 평균 12.9초, 100%의 확률로 PIN을 입력할 수 있다는 것을 확인하였다. 또한 보안성 실험을 통해 공격자가 촬영 공격을 이용하여 사용자를 공격했을 때 공격 성공률이 0%이였다는 것과 그로인해 기존에 존재하는 PIN 입력 기법보다 안전하다는 것을 확인하였다. 결과적으로 충분히 사용될 수 있는 기법이라는 것을 확인하였다.

There have been previous researches about user authentication by analyzing the user's gait or behavior or action using the accelerometer sensor of smartphone, but there was a lack of user convenience to apply PIN entry. In this paper, we propose the technique for PIN entry without a touch on smartphone, the technique uses an accelerometer sensor and a vibration sensor built in the smartphone to enter the PIN. We conducted a usability experiment using the proposed technique and confirmed that the usability can be increased according to users become accustomed to this technique and that the users can enter PIN with 12.9 seconds and a probability of 100% on average. Also we conducted a security experiment and confirmed that an attack success rate is 0% when an attacker attacked the user using the recording attack and that it is more secure than the previous PIN entry technique. As a result, we was able to confirm that this technique can be used sufficiently.

키워드

참고문헌

  1. C. Adams, "Personal Identification Number (PIN)," Encyclopedia of Cryptography and Security, pp.927, 2011.
  2. S. B. Lee, "Simple Payment Market, still in Warring States period," Industry Report on Kyobo Securities Co., Ltd. Research Center, 2016.
  3. A. Aviv, K. Gibson, E. Mossop, M. Blaze, and J. Smith, "Smudge Attacks on Smartphone Touch Screens," WOOT '10 Proceedings of the 4th USENIX Conference on Offensive Technologies, Washington, 2010.
  4. F. Mohsen and M. Shehab, "Android Keylogging Threat," 9th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing, Texas, 2013.
  5. W. Goucher "Look behind you: the dangers of shoulder surfing," Computer Fraud & Security, Vol.2011, Iss.11, pp.17-20. 2011. https://doi.org/10.1016/S1361-3723(11)70116-6
  6. Q. Yue, Z. Ling, X. Fu, B. Liu, W. Yu, and W. Zhao, "My google glass sees your passwords!," in Proceedings of the Black Hat USA 2014, Las Vegas, 2014.
  7. D. Gafurov, E. Snekkenes, and P. Bours, "Gait Authentication and Identification Using Wearable Accelerometer Sensor," 2007 IEEE Workshop on Automatic Identification Advanced Technologies, Alghero, 2007.
  8. J. S. Seo and J. S. Moon, "A Study on User Authentication with Smartphone Accelerometer Sensor," Journal of the Korea Institute of Information Security & Cryptology, Vol.25, No.6, pp.1477-1484, 2015. https://doi.org/10.13089/JKIISC.2015.25.6.1477
  9. Y. K. Kim and J. S. Moon, "User Authentication Using Accelerometer Sensor in Wrist-Type Wearable Device," KIPS Transactions on Computer and Communication Systems, Vol.6, No.2, pp.67-74, 2017. https://doi.org/10.3745/KTCCS.2017.6.2.67
  10. B. Shakirov, H. J. Kim, K. H. Lee, and D. H. Nyang, "Analysis on Vulnerability of Password Entry Using Virtual Onscreen Keyboard," Journal of the Korea Institute of Information Security & Cryptology, Vol.26, No.4, pp.857-869, 2016. https://doi.org/10.13089/JKIISC.2016.26.4.857
  11. V. Roth, K. Richter, and R. Freidinger, "A PIN-Entry Method Resilient Against Shoulder Surfing," CCS '04 Proceedings of the 11th ACM conference on Computer and Communications Security, Washington, pp.236-245, 2004.
  12. A. Bianchi, I. Oakley, V. Kostakos, and D. Kwon, "The phone lock: audio and haptic shoulder-surfing resistant PIN entry methods for mobile devices," TEI '11 Proceedings of the Fifth International Conference on Tangible, Embedded, and Embodied Interaction, Funchal, pp.197-200, 2011.