• Title/Summary/Keyword: Shoulder-surfing

Search Result 58, Processing Time 0.023 seconds

Security Analysis of Partially Hidden Password Systems Resistant to Shoulder Surfing Attacks

  • Seong, Jin-Taek
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology
    • /
    • v.13 no.1
    • /
    • pp.17-26
    • /
    • 2020
  • As more users use mobile devices, shoulder surfing attacks have emerged as an important issue in security. According to research report, in fact, the result showed that about 30% of smartphone users are hit by shoulder surfing attacks. To this end, in this paper, we consider a shoulder surfing attack and propose a partially hidden password system to resistant to its attack. In order to help readers understand, we describe the proposed password system in more detail using one simple example. The core idea behind the proposed system is to place the user's password randomly in the specified grid instead of entering a password directly. As a result, even if an attacker makes a shoulder surfing attack to observe the password, the user can hide the preset password and defend against the attack. We also show how the security of the password system proposed in this paper is improved. In addition, even if there are consecutive shoulder surfing attacks, the security of the proposed password system is robust.

Design and Implementation of Pinpad using Secure Technology from Shoulder Surfing Attack (비밀번호 훔쳐보기로부터 안전한 기술을 내장시킨 비밀번호 입력기의 설계 및 구현)

  • Kang, Moon-Seol;Kim, Young-Il
    • The KIPS Transactions:PartD
    • /
    • v.17D no.2
    • /
    • pp.167-174
    • /
    • 2010
  • When entering the PIN(personal identification number), the greatest security threat is shoulder surfing attack. Shoulder surfing attack is watching the PIN being entered from over the shoulder to obtain the number, and it is the most common and at the same time the most powerful security threat of stealing the PIN. In this paper, a psychology based PINpad technology referred to as DAS(Dynamic Authentication System) that safeguards from shoulder surfing attack was proposed. Also, safety of the proposed DAS from shoulder surfing attack was tested and verified through intuitive viewpoint, shoulder surfing test, and theoretical analysis. Then, a PINpad with an internal DAS that was certified for its safety from shoulder surfing attack was designed and produced. Because the designed PINpad significantly decreases the chances for shoulder surfing attackers being able to steal the PIN when compared to the ordinary PINpad, it was determined to be suitable for use at ATM(automated teller machine)s operated by banks and therefore has been introduced and is being used by many financial institutions.

Virtual Keyboard against Social Engineering Attacks in Smartphones (사회 공학적 공격에 대응하는 색 기반 스마트폰 가상 키보드)

  • Choi, Dongmin;Baek, Cheolheon;Chung, Ilyong
    • Journal of Korea Multimedia Society
    • /
    • v.18 no.3
    • /
    • pp.368-375
    • /
    • 2015
  • Nowaday, financial institutions provide secure mobile keyboard solutions to keep their mobile banking services safe. However, these are still vulnerable to attacks, such as shoulder surfing attack. Especially, in the case of handicapped person such as visual impairment and blindness, they are more vulnerable than ordinary person because of inconvenience of secure information input. Among them, we focused on the color blind. For the color blind, 4-color based secure keyboard method causes more inconvenience to notify exact color. Thus, we propose a secure mobile keyboard solution to provide advanced functionality for the color blind users. Our method is based on 4-color theorem to support color blind users. In addition, our scheme is robust against shoulder surfing attack. According to the evaluation result, our method offers increased security against shoulder surfing attack compare with existing methods.

Secure Human Authentication with Graphical Passwords

  • Zayabaatar Dagvatur;Aziz Mohaisen;Kyunghee Lee;DaeHun Nyang
    • Journal of Internet Technology
    • /
    • v.20 no.4
    • /
    • pp.1247-1260
    • /
    • 2019
  • Both alphanumeric and graphical password schemes are vulnerable to the shoulder-surfing attack. Even when authentication schemes are secure against a single shoulder-surfing attack round, they can be easily broken by intersection attacks, using multiple shoulder-surfing attacker records. To this end, in this paper we propose a graphical password-based authentication scheme to provide security against the intersection attack launched by an attacker who may record the user's screen, mouse clicks and keyboard input with the help of video recording devices and key logging software. We analyze our scheme's security under various threat models and show its high security guarantees. Various analysis, usability studies and comparison with the previous work highlight our scheme's practicality and merits.

Hangul Password System for Preventing Shoulder-Surfing (훔쳐보기 방지를 위한 한글 패스워드 시스템)

  • Kim, Jong-Woo;Kim, Sung-Hwan;Park, Sun-Young;Cho, Hwan-Gue
    • The Journal of the Korea Contents Association
    • /
    • v.11 no.4
    • /
    • pp.33-41
    • /
    • 2011
  • Although conventional text-based passwords are used as the most common authentication method, they have significant drawbacks such as guess attacks, dictionary attacks, key loggers, and shoulder-surfing. To address the vulnerabilities of traditional text-based passwords, graphical password schemes have been developed as possible alternative solutions, but they have a potential drawback that they are more vulnerable to shoulder-surfing than conventional text-based passwords. In this paper, we present a new Hangul password input method to prevent shoulder-surfing attacks. Our approach uses Hangul as a password, and it requires the users to locate their password in the given wheeling password grid instead of entering the password. Our approach makes it difficult for attackers to observe a user's password since the system shows the users' passwords with decoy characters as the noise on the screen. Also, we provide security analysis for random attacks, dictionary attacks, and shoulder-surfing attacks, and it shows that our password system is robust against these attacks.

Secure Password-based Authentication Method for Mobile Banking Services

  • Choi, Dongmin;Tak, Dongkil;Chung, Ilyong
    • Journal of Korea Multimedia Society
    • /
    • v.19 no.1
    • /
    • pp.41-50
    • /
    • 2016
  • Moblie device based financial services are vulnerable to social engineering attacks because of the display screen of mobile devices. In other words, in the case of shoulder surfing, attackers can easily look over a user's shoulder and expose his/her password. To resolve this problem, a colour-based secure keyboard solution has been proposed. However, it is inconvenient for genuine users to verify their password using this method. Furthermore, password colours can be exposed because of fixed keyboard colours. Therefore, we propose a secure mobile authentication method to provide advanced functionality and strong privacy. Our authentication method is robust to social engineering attacks, especially keylogger and shoulder surfing attacks. According to the evaluation results, our method offers increased security and improved usability compared with existing methods.

Shoulder Surfing Attack Modeling and Security Analysis on Commercial Keypad Schemes (어깨너머공격 모델링 및 보안 키패드 취약점 분석)

  • Kim, Sung-Hwan;Park, Min-Su;Kim, Seung-Joo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.24 no.6
    • /
    • pp.1159-1174
    • /
    • 2014
  • As the use of smartphones and tablet PCs has exploded in recent years, there are many occasions where such devices are used for treating sensitive data such as financial transactions. Naturally, many types of attacks have evolved that target these devices. An attacker can capture a password by direct observation without using any skills in cracking. This is referred to as shoulder surfing and is one of the most effective methods. There has been only a crude definition of shoulder surfing. For example, the Common Evaluation Methodology(CEM) attack potential of Common Criteria (CC), an international standard, does not quantitatively express the strength of an authentication method against shoulder surfing. In this paper, we introduce a shoulder surfing risk calculation method supplements CC. Risk is calculated first by checking vulnerability conditions one by one and the method of the CC attack potential is applied for quantitative expression. We present a case study for security-enhanced QWERTY keyboard and numeric keypad input methods, and the commercially used mobile banking applications are analyzed for shoulder surfing risks.

Designing Password Input System Resistant on Shoulder Surfing Attack with Statistical Analysis (Shoulder Surfing 공격을 고려한 패스워드 입력 시스템 구현 및 통계적 검증)

  • Lim, Soo Min;Kim, Hyoung Joong;Kim, Seong Kee
    • Journal of the Institute of Electronics and Information Engineers
    • /
    • v.49 no.9
    • /
    • pp.215-224
    • /
    • 2012
  • Using password on system is easy to build and shorten the access time to authorize user, which is high in use for vary system that requires users' authorization. Many input device are able to perform the password system easily, such as PC, smart-phone, tablet PC, etc. Beside the high usability of password, physical attack occurs when user put their password on the device, known as Shoulder Surfing attack. It used to be formed in numbers, characters or mix of different kinds, but new kind of password arose. Exploiting image or making scenarios are those kinds which are able to reflect users' intentions. Not many estimation exists for new password, so there's need to be standard for those new password for highlighting usability and accessability. In this paper, we propose password system with simple image and switching key-board to test statistical method to estimate usability on the password.

Usability Comparison between PIN entry schemes (개인식별번호 입력 방식들에 대한 사용편의성 비교)

  • Kim, Chang-Soon;Song, Jeong-Eun;Lee, Mun-Kyu
    • 한국HCI학회:학술대회논문집
    • /
    • 2009.02a
    • /
    • pp.34-39
    • /
    • 2009
  • Four-digit PIN(Personal Identification Number) is a well-known user authentication method used for many applications including ATMs and mobile phones. However, it is vulnerable to shoulder surfing attacks(SSAs). In this paper, we present new PIN entry methods which are secure against SSA and easy to use. We compare the usability and security of these methods with those of the existing methods.

  • PDF

A Study of Secure Password Input Method Based on Eye Tracking with Resistance to Shoulder-Surfing Attacks (아이트래킹을 이용한 안전한 패스워드 입력 방법에 관한 연구 - 숄더 서핑 공격 대응을 중심으로)

  • Kim, Seul-gi;Yoo, Sang-bong;Jang, Yun;Kwon, Tae-kyoung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.4
    • /
    • pp.545-558
    • /
    • 2020
  • The gaze-based input provides feedback to confirm that the typing is correct when the user types the text. Many studies have already demonstrated that feedback can increase the usability of gaze-based inputs. However, because the information of the typed text is revealed through feedback, it can be a target for shoulder-surfing attacks. Appropriate feedback needs to be used to improve security without compromising the usability of the gaze-based input using the original feedback. In this paper, we propose a new gaze-based input method, FFI(Fake Flickering Interface), to resist shoulder-surfing attacks. Through experiments and questionnaires, we evaluated the usability and security of the FFI compared to the gaze-based input using the original feedback.