• Journal of the Institute of Electronics and Information Engineers
• /
• v.49 no.9
• /
• pp.215-224
• /
• 2012

Using password on system is easy to build and shorten the access time to authorize user, which is high in use for vary system that requires users' authorization. Many input device are able to perform the password system easily, such as PC, smart-phone, tablet PC, etc. Beside the high usability of password, physical attack occurs when user put their password on the device, known as Shoulder Surfing attack. It used to be formed in numbers, characters or mix of different kinds, but new kind of password arose. Exploiting image or making scenarios are those kinds which are able to reflect users' intentions. Not many estimation exists for new password, so there's need to be standard for those new password for highlighting usability and accessability. In this paper, we propose password system with simple image and switching key-board to test statistical method to estimate usability on the password.

• 한국HCI학회:학술대회논문집
• /
• 2009.02a
• /
• pp.34-39
• /
• 2009

Four-digit PIN(Personal Identification Number) is a well-known user authentication method used for many applications including ATMs and mobile phones. However, it is vulnerable to shoulder surfing attacks(SSAs). In this paper, we present new PIN entry methods which are secure against SSA and easy to use. We compare the usability and security of these methods with those of the existing methods.

• Journal of Korea Multimedia Society
• /
• v.19 no.1
• /
• pp.41-50
• /
• 2016

Moblie device based financial services are vulnerable to social engineering attacks because of the display screen of mobile devices. In other words, in the case of shoulder surfing, attackers can easily look over a user's shoulder and expose his/her password. To resolve this problem, a colour-based secure keyboard solution has been proposed. However, it is inconvenient for genuine users to verify their password using this method. Furthermore, password colours can be exposed because of fixed keyboard colours. Therefore, we propose a secure mobile authentication method to provide advanced functionality and strong privacy. Our authentication method is robust to social engineering attacks, especially keylogger and shoulder surfing attacks. According to the evaluation results, our method offers increased security and improved usability compared with existing methods.

• Proceedings of the Korean Information Science Society Conference
• /
• 2002.10e
• /
• pp.151-153
• /
• 2002

Mobile handhold devices such as PDA(Personal Digital Assistant) and Cellular Phone are more and more popular for personal web surfing. But today, most mobile handheld devices have relatively poor web browsing capability because of the small bandwidth of wireless connection, the small speed of CPU, the small capacity of RAM and Flash ROM, the small display size of LCD and the short lifecycle of battery. Users have to endure bigger communication latency than Desk PC's one because of these factors. In this paper, we propose an effective pre-refresh mechanism for handheld device's embedded web browser so as to make user's web surfing faster. The experiment was done using the simulator designed by ourselves and the experiment result demonstrates the proposed mechanism has a good performance to make web surfing faster.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.4
• /
• pp.545-558
• /
• 2020

The gaze-based input provides feedback to confirm that the typing is correct when the user types the text. Many studies have already demonstrated that feedback can increase the usability of gaze-based inputs. However, because the information of the typed text is revealed through feedback, it can be a target for shoulder-surfing attacks. Appropriate feedback needs to be used to improve security without compromising the usability of the gaze-based input using the original feedback. In this paper, we propose a new gaze-based input method, FFI(Fake Flickering Interface), to resist shoulder-surfing attacks. Through experiments and questionnaires, we evaluated the usability and security of the FFI compared to the gaze-based input using the original feedback.

• Journal of the Korea Society of Computer and Information
• /
• v.16 no.2
• /
• pp.207-215
• /
• 2011

Due to the increasing availability and popularity of digital television (DTV), the numbers of TV channels and programs that can be selected by consumers are also increasing rapidly. Therefore, searching for interesting channels and program via remote controls or channel guide maps can be frustrating and slow. In this paper, in order to better satisfy consumers, we propose a dynamic channel surfing scheme that reduces the channel seek distance in DTV. The proposed scheme dynamically rearranges the channel sequences according to the channel currently being watched to reduce the channel seek distance. The results of a simulation experiment demonstrate that the proposed dynamic channel surfing scheme reduces the channel seek distance for DTV channel navigation when up-down channel selection interfaces are used.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.3
• /
• pp.93-104
• /
• 2010

The advent of various mobile devices and mobile services has caused diversification of information stored in a mobile device, e.g., SMS, photos, movies, addresses, e-mails, digital certificates, and so on. Because mobile devices are lost or stolen easily, user authentication is critical to protect the information stored in mobile devices. However, the current user authentication methods using Personal Identification Numbers (PINs) and passwords are vulnerable to Shoulder Surfing Attacks (SSAs), which enables an attacker to obtain user's information. Although there are already several SSA-resistant authentication methods in the literature, most of these methods lack of usability. Moreover, they are not suitable for use in mobile devices. In this paper, we propose a user friendly password input method for mobile devices which is secure against SSA. We also perform user tests and compare the security and usability of the proposed method with those of the existing password input methods.

• Convergence Security Journal
• /
• v.12 no.4
• /
• pp.109-114
• /
• 2012

Information society in recent times, lots of important information have been stored in information systems. In this situation, unauthorized person can obtains important information by piggy-backing and shoulder surfing in specific area of organization. Therefore, in this study, we proposed network group access control system by combining RFID and infrared-ray for blocking information leakage due to unauthorized access by internal threats and enhancing personnel security. So it can provides a more secure internal network environment.

• Journal of information and communication convergence engineering
• /
• v.15 no.2
• /
• pp.91-96
• /
• 2017

PIN-entry interfaces have high risks to leak secret values if the malicious attackers perform shoulder-surfing attacks with advanced monitoring and observation devices. To make the PIN-entry secure, many studies have considered invisible radio channels as a secure medium to deliver private information. However, the methods are also vulnerable if the malicious adversaries find a hint of secret values from user's $na{\ddot{i}}ve$ gestures. In this paper, we revisit the state-of-art radio channel based bimodal PIN-entry method and analyze the information leakage from the previous method by exploiting the sight tracking attacks. The proposed sight tracking attack technique significantly reduces the original password complexities by 93.8% after post-processing. To keep the security level strong, we introduce the advanced bimodal PIN-entry technique. The new technique delivers the secret indicator information through a secure radio channel and the smartphone screen only displays the multiple indicator options without corresponding numbers. Afterwards, the users select the target value by following the circular layout. The method completely hides the password and is secure against the advanced shoulder-surfing attacks.

• Journal of Korea Society of Industrial Information Systems
• /
• v.22 no.6
• /
• pp.17-22
• /
• 2017

In this paper, a password recognition system that can overcome a shoulder-surfing attack is developed. During the time period of password insertion, the developed system can prevent the attack and enhance the safety of the password. In order to raise the detection rate of the password image, the mopology technique is utilized. By adapting 4 times of the expansion and dilation, the niose from the binary image of the password is removed. Finally, the mobile phone application is also developed to recognize the one time password and the detection rate is measured. It is shown that the detection rate of 90% is achieved under the dark light condition.