Secure Password-based Authentication Method for Mobile Banking Services
Choi, Dongmin; Tak, Dongkil; Chung, Ilyong;
 Abstract
Mobile-device-based financial services are vulnerable to social engineering attacks because of the display screen of the device: in a shoulder-surfing attack, an adversary can simply look over the user's shoulder and read off his or her password. To address this, a colour-based secure keyboard has been proposed. However, it is inconvenient for genuine users to verify their password with this method, and because the keyboard colours are fixed, the colours of the password keys can themselves be exposed. We therefore propose a secure mobile authentication method that provides advanced functionality and strong privacy. Our method is robust to social engineering attacks, in particular keylogger and shoulder-surfing attacks. According to the evaluation results, it offers increased security and improved usability compared with existing methods.
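The weakness the abstract points at (a fixed digit-to-colour assignment lets an observer who sees only the colour of each tapped key narrow the password down) can be quantified with a small model. The following is an added example written for this page; it is not the authors' scheme, which the abstract does not detail. Everything it assumes is an assumption, not taken from the paper: a 10-digit keypad, five colours with two digits per colour, a 4-digit PIN, and a shoulder surfer who records the colour of each tapped key but does not see the digit label or the full keypad layout. It compares the candidate set left to that observer under a fixed map against a map reshuffled per session from a CSPRNG.

```python
# Added illustrative model (not the paper's scheme): how much a colour-only
# observer learns from a colour-coded keypad with a FIXED digit->colour map
# versus one reshuffled per session with a CSPRNG.
# Assumptions, not from the page: 10-digit keypad, 5 colours, two digits per
# colour, 4-digit PIN, observer sees tapped-key colours only.
import math
import secrets
from itertools import product

DIGITS = "0123456789"
N_COLOURS = 5


def all_pins(n):
    """Every n-digit PIN as a string."""
    return ["".join(t) for t in product(DIGITS, repeat=n)]


def fixed_colour_map():
    """Static map shipped with the app: digit d is always drawn in colour d % 5.
    An attacker can read this map out of the app once and reuse it forever."""
    return {d: int(d) % N_COLOURS for d in DIGITS}


def random_colour_map(rng=None):
    """Fresh map per login: shuffle the digits with a CSPRNG and give the i-th
    digit of the shuffled order colour i % 5 (so each colour still holds two digits)."""
    rng = rng or secrets.SystemRandom()   # never random.random() for this
    order = list(DIGITS)
    rng.shuffle(order)
    return {d: i % N_COLOURS for i, d in enumerate(order)}


def observe(pin, cmap):
    """What the shoulder surfer records: the colour of each tapped key."""
    return tuple(cmap[d] for d in pin)


def candidates_known_map(observed, cmap):
    """Attacker knows the (fixed) map: only PINs whose colours match exactly survive."""
    return [p for p in all_pins(len(observed)) if observe(p, cmap) == observed]


def candidates_unknown_map(observed):
    """Attacker knows only that digits were paired into colour classes at random.
    A PIN is still possible iff the positions that share a colour hold at most
    two distinct digits, and different colours hold disjoint digit sets; any
    such grouping can be completed to a full pairing of the ten digits."""
    out = []
    for p in all_pins(len(observed)):
        groups = {}
        for colour, d in zip(observed, p):
            groups.setdefault(colour, set()).add(d)
        sets = list(groups.values())
        disjoint = len(set().union(*sets)) == sum(len(s) for s in sets)
        if all(len(s) <= 2 for s in sets) and disjoint:
            out.append(p)
    return out


def residual_bits(n_candidates):
    """Entropy (bits) still unknown to the observer after the observation."""
    return math.log2(n_candidates)


if __name__ == "__main__":
    pin = "2580"                      # constructed sample PIN
    total = residual_bits(len(DIGITS) ** len(pin))

    fixed = fixed_colour_map()
    seen = observe(pin, fixed)
    left = candidates_known_map(seen, fixed)
    print(f"fixed map:    colours {seen} -> {len(left)} PINs remain "
          f"({residual_bits(len(left)):.1f} of {total:.1f} bits)")

    shuffled = random_colour_map()
    seen = observe(pin, shuffled)
    left = candidates_unknown_map(seen)
    print(f"shuffled map: colours {seen} -> {len(left)} PINs remain "
          f"({residual_bits(len(left)):.1f} of {total:.1f} bits)")
```

With the fixed map a single observation of a 4-digit PIN leaves 16 candidates (4 bits of the original 13.3). With the per-session map the observer learns only which positions fell into the same colour class, leaving thousands of candidates (about 12 bits). The model deliberately excludes an observer who sees the whole keypad and so can read the session's map off the screen, and a keylogger that records touch coordinates; against those the key positions, not just the colours, have to change per session.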
 Keywords
Virtual Keyboard; Colour-blind; Shoulder Surfing Attack; User Authentication; Social Engineering Attack
 Language
English