• 제목/요약/키워드: Graphical Authentication

검색결과 14건 처리시간 0.02초

Development Status and Prospects of Graphical Password Authentication System in Korea

  • Yang, Gi-Chul
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • 제13권11호
    • /
    • pp.5755-5772
    • /
    • 2019
  • Security is becoming more important as society changes rapidly. In addition, today's ICT environment demands changes in existing security technologies. As a result, password authentication methods are also changing. The authentication method most often used for security is password authentication. The most-commonly used passwords are text-based. Security enhancement requires longer and more complex passwords, but long, complex, text-based passwords are hard to remember and inconvenient to use. Therefore, authentication techniques that can replace text-based passwords are required today. Graphical passwords are more difficult to steal than text-based passwords and are easier for users to remember. In recent years, researches into graphical passwords that can replace existing text-based passwords are being actively conducting in various places throughout the world. This article surveys recent research and development directions of graphical password authentication systems in Korea. For this purpose, security authentication methods using graphical passwords are categorized into technical groups and the research associated with graphical passwords performed in Korea is explored. In addition, the advantages and disadvantages of all investigated graphical password authentication methods were analyzed along with their characteristics.

Secure Human Authentication with Graphical Passwords

  • Zayabaatar Dagvatur;Aziz Mohaisen;Kyunghee Lee;DaeHun Nyang
    • Journal of Internet Technology
    • /
    • 제20권4호
    • /
    • pp.1247-1260
    • /
    • 2019
  • Both alphanumeric and graphical password schemes are vulnerable to the shoulder-surfing attack. Even when authentication schemes are secure against a single shoulder-surfing attack round, they can be easily broken by intersection attacks, using multiple shoulder-surfing attacker records. To this end, in this paper we propose a graphical password-based authentication scheme to provide security against the intersection attack launched by an attacker who may record the user's screen, mouse clicks and keyboard input with the help of video recording devices and key logging software. We analyze our scheme's security under various threat models and show its high security guarantees. Various analysis, usability studies and comparison with the previous work highlight our scheme's practicality and merits.

Next-Generation Personal Authentication Scheme Based on EEG Signal and Deep Learning

  • Yang, Gi-Chul
    • Journal of Information Processing Systems
    • /
    • 제16권5호
    • /
    • pp.1034-1047
    • /
    • 2020
  • The personal authentication technique is an essential tool in this complex and modern digital information society. Traditionally, the most general mechanism of personal authentication was using alphanumeric passwords. However, passwords that are hard to guess or to break, are often hard to remember. There are demands for a technology capable of replacing the text-based password system. Graphical passwords can be an alternative, but it is vulnerable to shoulder-surfing attacks. This paper looks through a number of recently developed graphical password systems and introduces a personal authentication system using a machine learning technique with electroencephalography (EEG) signals as a new type of personal authentication system which is easier for a person to use and more difficult for others to steal than other preexisting authentication systems.

D-PASS: 스마트 기기 사용자 인증 기법 연구 (D-PASS: A Study on User Authentication Method for Smart Devices)

  • 정유선;최동민
    • 한국전자통신학회논문지
    • /
    • 제12권5호
    • /
    • pp.915-922
    • /
    • 2017
  • 모바일 스마트 기기 이용자의 급격한 증가는 스마트 기기의 활동 범위를 크게 확장하는 계기가 되었다. 이러한 스마트 기기는 기존의 모바일 기기와 달리 기기 사용자의 다양한 비밀 정보를 관리 사용하고 있어 높은 보안요구사항을 갖는다. 그러나 현재 스마트 기기에서 제공하는 인증 기법들은 최근의 스마트 기기를 대상으로 하는 보안 공격 유형들 중 사회 공학 공격에 해당하는 엿보기, 레코딩, 스머지와 같은 공격에 취약하다. 이에 본 연구에서 우리는 사회공학 공격에 강인하면서도 충분히 사용자 편의성을 고려한 새로운 방식의 인증 기법을 제안한다. 제안하는 기법은 그래픽 기반 인증 기법과 텍스트 기반 인증 기법을 혼합 적용하여 보안 안전성이 높으며 여타 그래픽 기반 기법과 달리 암호의 기억이 용이하다.

T-TIME: A Password Scheme Based on Touch Signal Generation Time Difference

  • Yang, Gi-Chul
    • 한국정보기술학회 영문논문지
    • /
    • 제8권2호
    • /
    • pp.41-46
    • /
    • 2018
  • As evidenced through rapidly growing digital devices and information, digital authentication is becoming ever more critical, especially considering the complex and prevalent digital accounts we are using every day. Also, digital authentication is apt to consistent digital security application. In this sense, digital security quality and usability can be enhanced by developing a mechanism for efficient digital authentication. In this paper, a mechanism of efficient digital authentication called T-TIME is introduced in order to alleviate issues dealing with secure and user friendly authentication across ever- growing digital devices and information. Touch Signal generation time difference is utilized for T-TIME as a mediation mechanism that enhances the security quality by confusing others unlike other graphical password mechanisms which are using spatial information. Hence, digital authentication by using T-TIME can be a good way of enhancing security quality and usability.

개인 인증 체계의 발전 방향 (Development Direction of Personal Authentication System)

  • 양기철
    • 한국정보통신학회:학술대회논문집
    • /
    • 한국정보통신학회 2021년도 춘계학술대회
    • /
    • pp.117-119
    • /
    • 2021
  • 본 논문에서는 개인 인증 체계의 유형별 장단점을 살펴보고 개인 인증 시스템의 발전 방향을 제시한다. 현재 흔히 사용하고 있는 개인 인증 시스템은 텍스트 기반의 패스워드 시스템이다. 하지만 현재 대부분의 텍스트 기반 패스워드 시스템은 사용성이나 보안성이 취약하다. 이러한 문제점을 해결하기 위해 텍스트 기반 패스워드 시스템을 대체할 수 있는 개인 인증 체계가 요구되고 있다. 본 논문에서는 최근 개발된 그래픽 패스워드 시스템을 예로 들어 텍스트 기반 패스워드 시스템을 대체할 수 있는 조건과 가능성을 찾아보고 개인 인증 체계의 발전 방향을 제시한다.

  • PDF

Empirical Risk Assessment in Major Graphical Design Software Systems

  • Joh, HyunChul;Lee, JooYoung
    • Journal of Multimedia Information System
    • /
    • 제8권4호
    • /
    • pp.259-266
    • /
    • 2021
  • Security vulnerabilities have been reported in major design software systems such as Adobe Photoshop and Illustrator, which are recognized as de facto standard design tools in most of the design industries. Companies need to evaluate and manage their risk levels posed by those vulnerabilities, so that they could mitigate the potential security bridges in advance. In general, security vulnerabilities are discovered throughout their life cycles repeatedly if software systems are continually used. Hence, in this study, we empirically analyze risk levels for the three major graphical design software systems, namely Photoshop, Illustrator and GIMP with respect to a software vulnerability discovery model. The analysis reveals that the Alhazmi-Malaiya Logistic model tends to describe the vulnerability discovery patterns significantly. This indicates that the vulnerability discovery model makes it possible to predict vulnerability discovery in advance for the software systems. Also, we found that none of the examined vulnerabilities requires even a single authentication step for successful attacks, which suggests that adding an authentication process in software systems dramatically reduce the probability of exploitations. The analysis also discloses that, for all the three software systems, the predictions with evenly distributed and daily based datasets perform better than the estimations with the datasets of vulnerability reporting dates only. The observed outcome from the analysis allows software development managers to prepare proactively for a hostile environment by deploying necessary resources before the expected time of vulnerability discovery. In addition, it can periodically remind designers who use the software systems to be aware of security risk, related to their digital work environments.

Enhanced Knock Code Authentication with High Security and Improved Convenience

  • Jang, Yun-Hwan;Park, Yongsu
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • 제12권9호
    • /
    • pp.4560-4575
    • /
    • 2018
  • Since smartphone contains various personal data, security is one of the important aspects in smartphone technologies. Up to now, various authentication techniques have been proposed to protect smartphones. The pattern lock on the Android system is one of the most widely used authentication methods for low-cost devices but it is known to be vulnerable to smudge attack or shoulder surfing attack. LG's smartphone uses its own technique, which is called "Knock Code." The knock code completes the authentication by touching the user defined area in turn on the screen. In this paper, we propose the new, enhanced version of knock code by adding the sliding operation and by using flexible area recognition. We conducted security analysis, which shows that under the same password size, the search space is overwhelmingly larger than the original algorithm. Also, by using the sliding operation, the proposed scheme shows resilience against smudge attacks. We implemented the prototype of our scheme. Experimental results show that compared with the original Knock Code and Android pattern lock, our scheme is more convenient while providing better security.

스마트폰 GPS 기반 그래피컬 패스워드 기법에 관한 연구 (A Study on the SmartPhone GPS based Graphical Password Approach)

  • 김태은;김현홍;전문석
    • 정보처리학회논문지:컴퓨터 및 통신 시스템
    • /
    • 제2권12호
    • /
    • pp.525-532
    • /
    • 2013
  • 스마트폰, 태블릿 PC 등 다양한 형태의 모바일 스마트 단말이 증가함에 따라 이러한 모바일 단말 환경에서의 정보보호가 큰 이슈가 되고 있으며 많은 연구가 이루어지고 있다. 이런 정보보호의 한 연구 방안 중 안전하게 패스워드를 입력하는 방법은 매우 중요한 요소이며, 다양한 형태의 모바일 단말에서는 자체적인 하드웨어 제약 사항에 따라 높은 보안 등급의 패스워드 입력 장치를 구비하기 힘든 어려움을 가진다. 또한 터치스크린을 통해 단순한 문자들을 패스워드로 입력하게 되면 입력의 불편함이 따를 수 있으며, 엿보기 공격에 취약한 특성을 가지게 된다. 따라서 본 논문에서는 엿보기 공격을 방어하고 사용자 입력 편의를 제공하기 위해서 스마트폰에서 생성할 수 있는 GPS 위치 정보를 이용하여 새로운 그래피컬 패스워드 기법을 제안하고 구현하였다.

스마트폰용 동적 서명인증의 모바일 구현 (Mobile Implementation of Enhanced Dynamic Signature Verification for the Smart-phone)

  • 김진환;조혁규;서창진;차의영
    • 한국정보통신학회논문지
    • /
    • 제11권9호
    • /
    • pp.1781-1785
    • /
    • 2007
  • 본 논문에서는 스마트폰에서 사용 가능한 동적서명 인증기술의 사용자 인터페이스와 알고리즘을 제안하고, 제안된 시스템의 성능을 기술하였다. 개인 서명의 모양, 쓰는 속도, 기울기, 획수와 획순서 등의 정보를 활용함으로써 인증 여부를 결정하게 되며, 컴퓨터와 무선인터 넷이 발달하고 관련 산업이 급성장함에 따라서 폭 넓은 산업 분야에 활용될 것으로 기대된다.