DOI QR코드

DOI QR Code

핀테크 환경에서 그룹핑을 이용한 이중 터치 기반의 위치 차단이 가능한 보안 키패드 설계

Design for Position Protection Secure Keypads based on Double-Touch using Grouping in the Fintech

  • 문형진 (성결대학교 정보통신공학부)
  • Mun, Hyung-Jin (Dept. of Information & Communication Engineering, Sungkyul University)
  • 투고 : 2022.02.14
  • 심사 : 2022.03.20
  • 발행 : 2022.03.28

초록

핀테크 기술의 발전으로 인해 스마트폰을 이용한 금융거래가 활성화되고 있다. 금융거래시 사용자 인증을 위한 비밀번호는 스마트 폰의 터치 스크린 상에 보여지는 가상 키패드를 통해 입력된다. 비밀번호를 터치할 때 공격자가 높은 해상도를 가진 카메라로 촬영하거나 어깨 너머로 훔쳐보는 방식으로 사용자가 입력한 비밀번호를 알아낼 수 있다. 이런 공격을 막기 위해 보안이 적용된 가상 키패드는 크기가 작은 터치 스크린에 입력하기 어렵고, 훔쳐보기 공격에 취약점이 여전히 존재한다. 본 논문에서는 전체 키패드를 몇 개의 그룹으로 나누고 작은 화면에 표시하여 입력할 문자가 속해 있는 그룹을 터치하고, 그룹 내에서 해당 문자를 터치하는 방식으로 입력할 문자를 쉽게 찾을 수 있다. 제안기법은 입력할 문자가 속한 그룹을 선택하며 해당 그룹에 키패드를 10개 이내로 작은 스크린에 보여주기 때문에 키패드의 크기를 기존 방법보다 2배 이상 확대가 가능하고, 위치를 랜덤하게 배치하여 터치한 위치를 통한 공격을 차단할 수 있다.

Due to the development of fintech technology, financial transactions using smart phones are being activated. The password for user authentication during financial transactions is entered through the virtual keypad displayed on the screen of the smart phone. When the password is entered, the attacker can find out the password by capturing it with a high-resolution camera or spying over the shoulder. A virtual keypad with security applied to prevent such an attack is difficult to input on a small touch-screen, and there is still a vulnerability in peeping attacks. In this paper, the entire keypad is divided into several groups and displayed on a small screen, touching the group to which the character to be input belongs, and then touching the corresponding character within the group. The proposed method selects the group to which the character to be input belongs, and displays the keypad in the group on a small screen with no more than 10 keypads, so that the size of the keypad can be enlarged more than twice compared to the existing method, and the location is randomly placed, hence location of the touch attacks can be blocked.

키워드

참고문헌

  1. E. J. Choi, W. C. Jung. & S. Y. Kim. (2015). Attacks and Defenses for Vulnerability of Cross Site Scripting. Journal of Digital Convergence, 13(2), 177-183. DOI :10.14400/JDC.2015.13.2.177
  2. C. Nayak, M. Parhi & S. Ghosal. (2014). Robust virtual keyboard for online banking. International Journal of Computer Applications, 107(21), 36-38. DOI : 10.5120/19142-0530
  3. B. S. Yu & S. H. Yun. (2011). The Design and Implementation of Messenger Authentication Protocol to Prevent Smartphone Phishing. Journal of the Korea Convergence Society, 2(4), 9-14. DOI : 10.15207/JKCS.2011.2.4.009
  4. D. Y. Kim & S. M. Cho. (2015). A Proposal of Smart Phone App for Preventing Smishing Attack. Journal of Security Engineering, 12(3), 207-220. https://doi.org/10.14257/jse.2015.06.08
  5. J. H. Kim, J. Y. Go. & K. H. Lee. (2015). A Scheme of Social Engineering Attacks and Countermeasures Using Big Data based Conversion Voice Phishing. Journal of the Korea Convergence Society, 6(1), 85-91. DOI : 10.15207/JKCS.2015.6.1.085
  6. S. H. Kim, M. S. Park. & S. J. Kim. (2014). Shoulder Surfing Attack Modeling and Security Analysis on Commercial Keypad Schemes. Journal of the Korea Institute of Information Security & Cryptology, 24(6), 1159-1174. DOI : 10.13089/JKIISC.2014.24.6.1159
  7. G. O. Baik, C. H. Lim & J. G. Shon. (2010). A Virtual Keyboard System for Preventing Keylogging. Journal of Security Engineering, 7(4), 319-334.
  8. S. W. Choi & Y.J. Shin. (2015). Economy Effects of IT Industry on Financial and Insurance Services. Journal of Digital Convergence, 13(1), 191-203. DOI : 10.14400/JDC.2015.13.1.191
  9. J. O. Park & B. W. Jin. (2015). A Study on Authentication Method for Secure Payment in Fintech Environment. The Journal of the Institute of Internet, Broadcasting and Communication, 15(4), 25-31. https://doi.org/10.7236/JIIBC.2015.15.4.25
  10. C. J. Chae, H. J. Cho & H. M. Jung. (2018). Authentication Method using Multiple Biometric Information in FIDO Environment. Journal of Digital Convergence, 16(1), 159-164. DOI : 10.14400/JDC.2018.16.1.159
  11. Q. Yue, Z. Ling, X. Fu, B. Liu, W. Yu & W. Zhao. (2014). My google glass sees your passwords!. Proceedings of the Black Hat USA.
  12. H. J. Seo & H. W. Kim. (2016). Design of Security Keypad Against Key Stroke Inference Attack. Journal of the Korea Institute of Information Security & Cryptology, 26(1), 41-47. DOI : 10.13089/JKIISC.2016.26.1.41
  13. Y. H. Lee. (2013). An Analysis on the Vulnerability of Secure Keypads for Mobile Devices. Journal of Korean Society for Internet Information, 14(3), 15-21. DOI : 10.7472/jksii.2013.14.3.15
  14. J. S. Song, M. W. Chung, S. H. Seo & S. H. Lee. (2015). Security vulnerability analysis of Simple Mobile Payments Services. The Korea Information Processing Society Fall Conference, 22(2), 817-820.
  15. D. H. Lee, D. H. Bae, S. L Yoo, J. Y. Chae, Y. Lee & H. G. Yang. (2011). Analysis of safety in secure keypads for smartphone. REVIEW of The Korea Institute of Information Security and Cryptology, 21(7), 30-37. DOI : KIISC.2011.21.7.30.
  16. W. G. Pak, S. Yeo, Y. R. Cha. (2015). A Secure Virtual Keypad for Mobile devices. Proceeding of KOREA INFORMATION SCIENCE SOCIETY, 875-876.
  17. H. J. Mun. (2017). Virtual Keypads based on Tetris with Resistance for Attack using Location Information. Journal of the Korea Convergence Society, 8(6), 37-44. DOI : 10.15207/JKCS.2017.8.6.037
  18. H. J. Mun & K. H. Han. (2018). Tetris security keypads design with higher security using alignment and padding. International Journal of Engineering & Technology, 7(2.33), 11-14. DOI : 10.14419/ijet.v7i2.33.13838
  19. H. J. Mun, S. Y. Kang & C. Shin. (2020). Implementation of Secure Keypads based on Tetris-Form Protection for Touch Position in the Fintech. Journal of Convergence for Information Technology, 10(8), 144-151. DOI: 10.22156/CS4SMB.2020.10.08.144
  20. J. Song, M. W. Jung, J. I. Choi & S. H. Seo. (2018). Proposal and Implementation of Security Keypad with Dual Touch. KIPS Transactions on Computer and Communication Systems, 7(3), 73-80. DOI : 10.3745/KTCCS.2018.7.3.73
  21. H. J. Kim, H. J. Seo, Y. C. Lee, T. H. Park & H.W. Kim. (2013). Implementation of virtual finace keypads with resistance for shoulder surfing attack. REVIEW The Korea Institute of Information Security and Cryptology(KIISC), 23(6), 21-29. DOI : KIISC.2013.23.6.21.
  22. H. J. Seo & H. W. Kim. (2014). Secure Keypad with Encrypted Input Message. Journal of the Korea Institute of Information and Communication Engineering, 18(12), 2899-2910. DOI : 10.6109/jkiice.2014.18.12.2899