• Journal of the Korea Convergence Society
• /
• v.8 no.6
• /
• pp.37-44
• /
• 2017

Mobile devices provide various services through payment and authentication by inputting important information such as passwords on the screen with the virtual keypads. In order to infer the password inputted by the user, the attacker captures the user's touch location information. The attacker is able to infer the password by using the location information or to obtain password information by peeping with Google Glass or Shoulder Surfing Attack. As existing secure keypads place the same letters in a set order except for few keys, considering handy input, they are vulnerable to attacks from Google Glass and Shoulder Surfing Attack. Secure keypads are able to improve security by rearranging various shapes and locations. In this paper, we propose secure keypads that generates 13 different shapes and sizes of Tetris and arranges keypads to be attached one another. Since the keypad arranges different shapes and sizes like the game, Tetris, for the virtual keypad to be different, it is difficult to infer the inputted password because of changes in size even though the attacker knows the touch location information.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.23 no.5
• /
• pp.613-621
• /
• 2019

In the case of door locks most widely used in the market, the most used area as a one-dimensional problem is worn out, and a worn area which does not use a special attack method enables password guessing. To solve this problem, various methods such as a keypad for randomly displaying numbers are introduced, but this is also not completely safe. The common feature of all the solutions so far is that the keypad area is fixed. In this paper, we consider that point in reverse and create a new area smaller than the entire area in the entire area of the keypad, making the keypad of the new area move randomly, thereby preventing the password from being deduced. When using this technique, a new type of keypad is proposed for the first time because of the impossibility of a shoulder surfing attack even though the number of keypad is left as it is.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.23 no.4
• /
• pp.470-476
• /
• 2019

The pattern locking technique applied to smart phones is a locking technique that many people use conveniently. However, the safety of pattern locking techniques is very low compared with other techniques. The pattern locking technique is vulnerable to a shoulder surfing attack, which is based on the user's input and can be interpreted by looking at the movement of the shoulder, and the smudge attack is also vulnerable due to fingerprint drag marks remaining on the mobile phone pad. Therefore, in this paper, we want to add a new security method to check the pressed time by using a thread in the pattern locking scheme to secure the vulnerability. It is divided into short, middle, and long click according to the pressing time at each point. When dragging using the technique, security performance enhances $3^n$ tiems. Therefore, even if dragging in the same 'ㄱ' manner, it becomes a completely different pattern depending on the pressing time at each point.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.6
• /
• pp.1243-1252
• /
• 2012

Due to the widespread use of smart devices, threats of direct observation attacks such as shoulder surfing and recording attacks, by which user secrets can be stolen at user interfaces, are increasing greatly. Although formal security models are necessary to evaluate the possibility of and security against those attacks, such a model does not exist. In this paper, based on the previous work in which a HCI cognitive model was firstly utilized for analyzing security, we propose STM-GOMS model as an improvement of GOMS-based model with regard to memory limitations. We then apply STM-GOMS model for analyzing usability and security of a password entry scheme commonly used in smart devices and show the scheme is vulnerable to the shoulder-surfing attack. We finally conduct user experiments to show the results that support the validity of STM-GOMS modeling and analysis.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.2
• /
• pp.189-200
• /
• 2012

With increasing the number of smart device such as Tablet PC, smart phone and netbook, information security which based on smart device in mobile environment have become the issue. It is important to enter a password safety. In various types of mobile devices, because of hardware limitation of device, it is difficult that to equip secondary input device such as keyboard and mouse. Also, a loss of accuracy becomes a problem because input information was entered by touch screen. Because of problem mentioned above it can be predicted to change password scheme text based password scheme to graphical password scheme, graphical password scheme is easy to use and is resistant to shoulder surfing attack. So this paper proposes new graphical password scheme based 5 strokes which are made by decomposed the Korean to defend against shoulder surfing attack.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.1
• /
• pp.77-84
• /
• 2011

While The passwords that combined with characters and numbers are easy to memorize and use, they have low complexity. Therefore they can easily be revealed by the shoulder-surfing attack when they are inputted through the input devices such like keyboard. To overcome these problems, many new authentication schemes, which change the user secret different form or let users input their secrets through the more complex manners, have been suggested, but it is still hard to find the balanced point between usability and security. S3PAS is one of well-known schemes which had both usability and security against shoulder-surfing attack. However, this scheme was not considered about intersection attack that the attacker tried to pass the authentication system after observing several authentication sessions. In this paper, we consider the security problem of S3PAS; what the attacker can do when he can observe the authentication sessions in several times. We confirm it through user study and experiments. And also we consider the alternative that overcomes the problem.

• Proceedings of the Korea Inteligent Information System Society Conference
• /
• 2000.04a
• /
• pp.187-196
• /
• 2000

A lot of Internet shopping malls strive for obtaining a competitive advantage over others in an increasingly tighter electronic marketplace. To this end, understanding customer preference toward products (or services) and administering appropriate marketing strategy is essential for their continuous survival. However, only a few marketing researchers and practicioners focused on this issue, compared with academic and industry efforts devoted to traditional market segmentation. In this paper, we suggest a methodology of conjoint segmentation for electronic shopping malls. Traditional market segmentation methodologies based on customer's profile sometimes fail to utilize abundant information given while navigating around cyber shopping malls. In this methodology, we do not impose information overload to the customer for preference elicitation, but this methodology, we do not impose information overload to the customer for preference elicitation, but capture automatically generated surfing or buying data and analyze them to get useful market segmentation information. The methodology consists of 4-stages: 1) analyzing legacy homepages, 2) data preparation, 3) estimating and interpreting the result, and 4) developing marketing mix. Our methodology was to give useful guidelines for market segmentation to companies working in the electronic marketplace.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.12
• /
• pp.525-532
• /
• 2013

Recently smartphones, tablet, etc. Various types of smart terminal is due to the increased security in mobile devices are becoming an issue. How to enter the password in this environment is a very important issue. Difficult to have a secure password input device on various types of mobile devices. In addition you enter on the touch screen the password of character, uncomfortable and it is vulnerable to SSA attack. Therefore, in this paper provide for defense the SSA(Shoulder Surfing Attacks) and useful password input mechanism is proposed with Smartphone GPS uses a value generated via a graphical password techniques.

• Korean Journal of Artificial Intelligence
• /
• v.11 no.1
• /
• pp.9-15
• /
• 2023

As mobile devices such as smartphones, tablets, and kiosks become increasingly prevalent, there is growing interest in developing alternative input systems in addition to traditional tools such as keyboards and mouses. Many people use their own bodies as a pointer to enter simple information on a mobile device. However, methods using the body have limitations due to psychological factors that make the contact method unstable, especially during a pandemic, and the risk of shoulder surfing attacks. To overcome these limitations, we propose a simple information input system that utilizes gaze-tracking technology to input passwords and control web surfing using only non-contact gaze. Our proposed system is designed to recognize information input when the user stares at a specific location on the screen in real-time, using intelligent gaze-tracking technology. We present an analysis of the relationship between the gaze input box, gaze time, and average input time, and report experimental results on the effects of varying the size of the gaze input box and gaze time required to achieve 100% accuracy in inputting information. Through this paper, we demonstrate the effectiveness of our system in mitigating the challenges of contact-based input methods, and providing a non-contact alternative that is both secure and convenient.

• The KIPS Transactions:PartB
• /
• v.9B no.4
• /
• pp.399-406
• /
• 2002

The goal of this research has been to develop an adaptive user agent for web surfing. To achieve this goal, the research has concentrated on three issues: collection of user data, construction and improvement of user profile, and adaptation by applying the user profile. The main outcome from the research is a prototype system that provides the functional definition and componential design scheme for an adaptive user agent for the web environment. Internally, the system achieves its operational goal from the cooperation of two independent agents. They are IIA (Interactive Interface Agent) and UPA (User Profiling Agent). As a tool for providing a user-friendly interface environment, the IIA employs the Keyword Index, which is a list of index terms of a webpage as well as a keyword menu for subsequent queries, and the Suggest Link, which is a hierarchical list of URLs showing the past browsing procedure of the user. The UPA reflects in the User Profile, both the static and the dynamic information obtained from the user's browsing behavior. In particular, a user's interests are represented in the form of Interest Vectors which, based on the similarity of the vectors, is subject to update and creation, thus dynamically profiling the user's ever-shifting interests.