• Title/Summary/Keyword: Shoulder-Surfing Attacks

Search Result 30, Processing Time 0.02 seconds

Security Analysis of Partially Hidden Password Systems Resistant to Shoulder Surfing Attacks

  • Seong, Jin-Taek
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology
    • /
    • v.13 no.1
    • /
    • pp.17-26
    • /
    • 2020
  • As more users use mobile devices, shoulder surfing attacks have emerged as an important issue in security. According to research report, in fact, the result showed that about 30% of smartphone users are hit by shoulder surfing attacks. To this end, in this paper, we consider a shoulder surfing attack and propose a partially hidden password system to resistant to its attack. In order to help readers understand, we describe the proposed password system in more detail using one simple example. The core idea behind the proposed system is to place the user's password randomly in the specified grid instead of entering a password directly. As a result, even if an attacker makes a shoulder surfing attack to observe the password, the user can hide the preset password and defend against the attack. We also show how the security of the password system proposed in this paper is improved. In addition, even if there are consecutive shoulder surfing attacks, the security of the proposed password system is robust.

Hangul Password System for Preventing Shoulder-Surfing (훔쳐보기 방지를 위한 한글 패스워드 시스템)

  • Kim, Jong-Woo;Kim, Sung-Hwan;Park, Sun-Young;Cho, Hwan-Gue
    • The Journal of the Korea Contents Association
    • /
    • v.11 no.4
    • /
    • pp.33-41
    • /
    • 2011
  • Although conventional text-based passwords are used as the most common authentication method, they have significant drawbacks such as guess attacks, dictionary attacks, key loggers, and shoulder-surfing. To address the vulnerabilities of traditional text-based passwords, graphical password schemes have been developed as possible alternative solutions, but they have a potential drawback that they are more vulnerable to shoulder-surfing than conventional text-based passwords. In this paper, we present a new Hangul password input method to prevent shoulder-surfing attacks. Our approach uses Hangul as a password, and it requires the users to locate their password in the given wheeling password grid instead of entering the password. Our approach makes it difficult for attackers to observe a user's password since the system shows the users' passwords with decoy characters as the noise on the screen. Also, we provide security analysis for random attacks, dictionary attacks, and shoulder-surfing attacks, and it shows that our password system is robust against these attacks.

Secure Password-based Authentication Method for Mobile Banking Services

  • Choi, Dongmin;Tak, Dongkil;Chung, Ilyong
    • Journal of Korea Multimedia Society
    • /
    • v.19 no.1
    • /
    • pp.41-50
    • /
    • 2016
  • Moblie device based financial services are vulnerable to social engineering attacks because of the display screen of mobile devices. In other words, in the case of shoulder surfing, attackers can easily look over a user's shoulder and expose his/her password. To resolve this problem, a colour-based secure keyboard solution has been proposed. However, it is inconvenient for genuine users to verify their password using this method. Furthermore, password colours can be exposed because of fixed keyboard colours. Therefore, we propose a secure mobile authentication method to provide advanced functionality and strong privacy. Our authentication method is robust to social engineering attacks, especially keylogger and shoulder surfing attacks. According to the evaluation results, our method offers increased security and improved usability compared with existing methods.

Virtual Keyboard against Social Engineering Attacks in Smartphones (사회 공학적 공격에 대응하는 색 기반 스마트폰 가상 키보드)

  • Choi, Dongmin;Baek, Cheolheon;Chung, Ilyong
    • Journal of Korea Multimedia Society
    • /
    • v.18 no.3
    • /
    • pp.368-375
    • /
    • 2015
  • Nowaday, financial institutions provide secure mobile keyboard solutions to keep their mobile banking services safe. However, these are still vulnerable to attacks, such as shoulder surfing attack. Especially, in the case of handicapped person such as visual impairment and blindness, they are more vulnerable than ordinary person because of inconvenience of secure information input. Among them, we focused on the color blind. For the color blind, 4-color based secure keyboard method causes more inconvenience to notify exact color. Thus, we propose a secure mobile keyboard solution to provide advanced functionality for the color blind users. Our method is based on 4-color theorem to support color blind users. In addition, our scheme is robust against shoulder surfing attack. According to the evaluation result, our method offers increased security against shoulder surfing attack compare with existing methods.

A Study of Secure Password Input Method Based on Eye Tracking with Resistance to Shoulder-Surfing Attacks (아이트래킹을 이용한 안전한 패스워드 입력 방법에 관한 연구 - 숄더 서핑 공격 대응을 중심으로)

  • Kim, Seul-gi;Yoo, Sang-bong;Jang, Yun;Kwon, Tae-kyoung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.4
    • /
    • pp.545-558
    • /
    • 2020
  • The gaze-based input provides feedback to confirm that the typing is correct when the user types the text. Many studies have already demonstrated that feedback can increase the usability of gaze-based inputs. However, because the information of the typed text is revealed through feedback, it can be a target for shoulder-surfing attacks. Appropriate feedback needs to be used to improve security without compromising the usability of the gaze-based input using the original feedback. In this paper, we propose a new gaze-based input method, FFI(Fake Flickering Interface), to resist shoulder-surfing attacks. Through experiments and questionnaires, we evaluated the usability and security of the FFI compared to the gaze-based input using the original feedback.

Secure Human Authentication with Graphical Passwords

  • Zayabaatar Dagvatur;Aziz Mohaisen;Kyunghee Lee;DaeHun Nyang
    • Journal of Internet Technology
    • /
    • v.20 no.4
    • /
    • pp.1247-1260
    • /
    • 2019
  • Both alphanumeric and graphical password schemes are vulnerable to the shoulder-surfing attack. Even when authentication schemes are secure against a single shoulder-surfing attack round, they can be easily broken by intersection attacks, using multiple shoulder-surfing attacker records. To this end, in this paper we propose a graphical password-based authentication scheme to provide security against the intersection attack launched by an attacker who may record the user's screen, mouse clicks and keyboard input with the help of video recording devices and key logging software. We analyze our scheme's security under various threat models and show its high security guarantees. Various analysis, usability studies and comparison with the previous work highlight our scheme's practicality and merits.

Hidden Indicator Based PIN-Entry Method Using Audio Signals

  • Seo, Hwajeong;Kim, Howon
    • Journal of information and communication convergence engineering
    • /
    • v.15 no.2
    • /
    • pp.91-96
    • /
    • 2017
  • PIN-entry interfaces have high risks to leak secret values if the malicious attackers perform shoulder-surfing attacks with advanced monitoring and observation devices. To make the PIN-entry secure, many studies have considered invisible radio channels as a secure medium to deliver private information. However, the methods are also vulnerable if the malicious adversaries find a hint of secret values from user's $na{\ddot{i}}ve$ gestures. In this paper, we revisit the state-of-art radio channel based bimodal PIN-entry method and analyze the information leakage from the previous method by exploiting the sight tracking attacks. The proposed sight tracking attack technique significantly reduces the original password complexities by 93.8% after post-processing. To keep the security level strong, we introduce the advanced bimodal PIN-entry technique. The new technique delivers the secret indicator information through a secure radio channel and the smartphone screen only displays the multiple indicator options without corresponding numbers. Afterwards, the users select the target value by following the circular layout. The method completely hides the password and is secure against the advanced shoulder-surfing attacks.

A Password Method Resistant to Shoulder Surfing Attacks (훔쳐보기 공격에 강인한 비밀번호 방식)

  • Seong, Jin-Taek
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2022.10a
    • /
    • pp.331-332
    • /
    • 2022
  • The previously used locking device is a PIN method and has a problem in that the password is exposed by malicious users. In other words, if attackers looks at lock passwords from the side, correct passwords are known. In this paper, we aim to solve these security problems in lock devices resistant to shoulder surfing attacks. The proposed encryption approach is designed so that attackers cannot know lock passwords. To this end, we use a hidden password method instead of directly entering a PIN-type password to prevent the correct password from being exposed to an attacker even if someone steals the lock password.

  • PDF

Usability Comparison between PIN entry schemes (개인식별번호 입력 방식들에 대한 사용편의성 비교)

  • Kim, Chang-Soon;Song, Jeong-Eun;Lee, Mun-Kyu
    • 한국HCI학회:학술대회논문집
    • /
    • 2009.02a
    • /
    • pp.34-39
    • /
    • 2009
  • Four-digit PIN(Personal Identification Number) is a well-known user authentication method used for many applications including ATMs and mobile phones. However, it is vulnerable to shoulder surfing attacks(SSAs). In this paper, we present new PIN entry methods which are secure against SSA and easy to use. We compare the usability and security of these methods with those of the existing methods.

  • PDF

A Study on the Security of One-Time Keypad (OTK) (원타임 키패드의 보안성 분석)

  • Kim, Jon-Lark;Lee, Nari;Roe, Young Gun;Galvez, Lucky Erap
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.4
    • /
    • pp.731-742
    • /
    • 2017
  • For all the various cryptographic techniques related to security, social technological attacks such as a shoulder surfing are infeasible to block off completely. Especially, the attacks are executed against financial facilities such as automated teller machine(ATM) which are located in public areas. Furthermore, online financial services whose rate of task management is consistently increasing are vulnerable to a shoulder surfing, smudge attacks, and key stroke inference attacks with google glass behind the convenience of ubiquitous business transactions. In this paper, we show that the security of ATM and internet banking can be reinforced against a shoulder surfing by using One-Time Keypad(OTK) and compare the security of OTK with those of ordinary keypad and One-Time Password(OTP).