• Title/Summary/Keyword: Shoulder-surfing

Search Result 58, Processing Time 0.021 seconds

User Authentication Method Using Smartphone and Smartwatch (스마트폰과 스마트워치를 활용한 사용자 인증 기법)

  • Seo, Hwa-jeong
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.21 no.11
    • /
    • pp.2109-2114
    • /
    • 2017
  • Personal Identification Number (PIN) is the most common user-authentication method for the access control of private and commercial applications. The users need to enter PIN information to the applications whenever the users get access to the private services. However, the process imposes a burden on the users and is vulnerable to the potential shoulder-surfing attacks. In order to resolve both problems, we present a continuous authentication method for both smartphone and smartwatch, namely, synchronized authentication. First we analyze the previous smartwatch based authentication and point-out some shortcomings. In the proposed method, we verify the validity of user by analyzing the combined acceleration data of both smartphone and smartwatch. If the monitored sensor data shows the high correlations between them, the user is successfully authenticated. For the authentication test, we used the Samsung Galaxy Note5 and Sony Smartwatch2.

A Study of User Behavior Recognition-Based PIN Entry Using Machine Learning Technique (머신러닝을 이용한 사용자 행동 인식 기반의 PIN 입력 기법 연구)

  • Jung, Changhun;Dagvatur, Zayabaatar;Jang, RhongHo;Nyang, DaeHun;Lee, KyungHee
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.7 no.5
    • /
    • pp.127-136
    • /
    • 2018
  • In this paper, we propose a PIN entry method that combines with machine learning technique on smartphone. We use not only a PIN but also touch time intervals and locations as factors to identify whether the user is correct or not. In the user registration phase, a remote server was used to train/create a machine learning model using data that collected from end-user device (i.e. smartphone). In the user authentication phase, the pre-trained model and the saved PIN was used to decide the authentication success or failure. We examined that there is no big inconvenience to use this technique (FRR: 0%) and more secure than the previous PIN entry techniques (FAR : 0%), through usability and security experiments, as a result we could confirm that this technique can be used sufficiently. In addition, we examined that a security incident is unlikely to occur (FAR: 5%) even if the PIN is leaked through the shoulder surfing attack experiments.

Proposal and Implementation of Security Keypad with Dual Touch (이중 터치를 이용한 보안 키패드 제안 및 구현)

  • Song, Jinseok;Jung, Myung-Woo;Choi, Jung-In;Seo, Seung-Hyun
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.7 no.3
    • /
    • pp.73-80
    • /
    • 2018
  • Due to the popularity of smartphones and the simplification of financial services, the number of mobile financial services is increasing. However, the security keypads developed for existing financial services are susceptible to probability analysis attacks and have security vulnerabilities. In this paper, we propose and implement a security keypad based on dual touch. Prior to the proposal, we examined the existing types of security keypads used in the mobile banking and mobile payment systems of Korean mobile financial businesses and analyzed the vulnerabilities. In addition, we compared the security of the proposed dual touch keypad as well as existing keypads using the authentication framework and the existing keypad attack types (Brute Force Attack, Smudge Attack, Key Logging Attack, and Shoulder Surfing Attack, Joseph Bonneau). Based on the results, we can confirm that the proposed security keypad with dual touch presented in this paper shows a high level of security. The security keypad with dual touch can provide more secure financial services, and it can be applied to other mobile services to enhance their security.

A study on User Authentication Technology of Numeric based Pattern Password (숫자기반의 패턴 형식 패스워드 사용자인증 기술)

  • Ju, Seung-Hwan;Seo, Hee-Suk
    • Journal of the Korea Society of Computer and Information
    • /
    • v.17 no.9
    • /
    • pp.65-73
    • /
    • 2012
  • The traditional text-based password is vulnerable guessing, dictionary attacks, keyloggers, social engineering, stole view, etc. these vulnerability effect more serious problem in a mobile environment. In this study, By using the pattern number to enter the password of an existing four-digit numeric password, User easily use to new password system. The technology on pattern based numerical password authorization proposed in this paper would intensify the security of password which holds existing 10 numbers of cases by authorizing a user and would not invade convenience of use by providing high security and making users memorize only four numbers like old method. Making users not have inconvenience and raising complexity, it would have a strength to an shoulder surfing attack of an attacker. So I study password system that represents the shape-based of number. I propose the new password system to prevent peeking attacks and Brute-force attack, and this proposal is to review the security and usability.

Design of a Secure Keypads to prevent Smudge Attack using Fingerprint Erasing in Mobile Devices (모바일 단말기에서 지문 지우기를 활용한 스머지 공격 방지를 위한 보안 키패드 설계)

  • Hyung-Jin, Mun
    • Journal of Industrial Convergence
    • /
    • v.21 no.2
    • /
    • pp.117-123
    • /
    • 2023
  • In the fintech environment, Smart phones are mainly used for various service. User authentication technology is required to use safe services. Authentication is performed by transmitting authentication information to the server when the PIN or password is entered and touch the button completing authentication. But A post-attack is possible because the smudge which is the trace of using screen remains instead of recording attack with a camera or SSA(Shoulder Surfing Attack). To prevent smudge attacks, users must erase their fingerprints after authentication. In this study, we proposed a technique to determine whether to erase fingerprints. The proposed method performed erasing fingerprint which is the trace of touching after entering PIN and designed the security keypads that processes instead of entering completion button automatically when determined whether the fingerprint has been erased or not. This method suggests action that must erase the fingerprint when entering password. By this method, A user must erase the fingerprint to complete service request and can block smudge attack.

The Secure Password Authentication Method based on Multiple Hash Values that can Grant Multi-Permission to a Single Account (단수 계정에 다중 권한 부여가 가능한 다중 해시값 기반의 안전한 패스워드 인증 기법 설계)

  • Hyung-Jin Mun
    • Journal of Industrial Convergence
    • /
    • v.21 no.9
    • /
    • pp.49-56
    • /
    • 2023
  • ID is used as identifying information and password as user authentication for ID-based authentication. In order to have a secure user authentication, the password is generated as a hash value on the client and sent to the server, where it is compared with the stored information and authentication is performed. However, if even one character is incorrect, the different hash value is generated, authentication will be failed and cannot be performed and various functions cannot be applied to the password. In this study, we generate several hash value including imaginary number of entered password and transmit to server and perform authentcation. we propose a technique can grants the right differentially to give various rights to the user who have many rights by one account. This can defend shoulder surfing attack by imaginary password and provide convenience to users who have various rights by granting right based on password.

An Incremental Elimination Method of EEG Samples Collected by Single-Channel EEG Measurement Device for Practical Brainwave-Based User Authentication (실용적 뇌파 기반 사용자 인증을 위한 단일 채널 EEG 측정 장비를 통해 수집된 EEG 샘플의 점진적 제거 방법)

  • Ko, Han-Gyu;Cho, Jin-Man;Choi, Daeseon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.2
    • /
    • pp.383-395
    • /
    • 2017
  • Brainwave-based user authentication technology has advantages such as changeability, shoulder-surfing resistance, and etc. comparing with conventional biometric authentications, fingerprint recognition for instance which are widely used for smart phone and finance user authentication. Despite these advantages, brainwave-based authentication technology has not been used in practice because of the price for EEG (electroencephalography) collecting devices and inconvenience to use those devices. However, according to the development of simple and convenient EEG collecting devices which are portable and communicative by the recent advances in hardware technology, relevant researches have been actively performed. However, according to the experiment based on EEG samples collected by using a single-channel EEG measurement device which is the most simplified one, the authentication accuracy decreases as the number of channels to measure and collect EEG decreases. Therefore, in this paper, we analyze technical problems that need to be solved for practical use of brainwave-based use authentication and propose an incremental elimination method of collected EEG samples for each user to consist a set of EEG samples which are effective to authentication users.

User authentication using touch positions in a touch-screen interface (터치스크린을 이용한 터치 위치기반 사용자 인증)

  • Kim, Jin-Bok;Lee, Mun-Kyu
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.21 no.1
    • /
    • pp.135-141
    • /
    • 2011
  • Recent advances in mobile devices and development of various mobile applications dealing with private information of users made user authentication in mobile devices a very important issue. This paper presents a new user authentication method based on touch screen interfaces. This method uses for authentication the PIN digits as well as the exact locations the user touches to input these digits. Our method is fully compatible with the regular PIN entry method which uses numeric keypads, and it provides better usability than the behavioral biometric schemes because its PIN registration process is much simpler. According to our experiments, our method guarantees EERs of 12.8%, 8.3%, and 9.3% for 4-digit PINs, 6-digit PINs, and 11-digit cell phone numbers, respectively, under the extremely conservative assumption that all users have the same PIN digits and cell phone numbers. Thus we can guarantee much higher performance in identification functionality by applying this result to a more practical situation where every user uses distinct PIN and sell phone number. Finally, our method is far more secure than the regular PIN entry method, which is verified by our experiments where attackers are required to recover a PIN after observing the PIN entry processes of the regular PIN and our method under the same level of security parameters.