DOI QR코드

DOI QR Code

Hangul Password System for Preventing Shoulder-Surfing

훔쳐보기 방지를 위한 한글 패스워드 시스템

  • Received : 2010.11.09
  • Accepted : 2011.01.19
  • Published : 2011.04.28

Abstract

Although conventional text-based passwords are used as the most common authentication method, they have significant drawbacks such as guess attacks, dictionary attacks, key loggers, and shoulder-surfing. To address the vulnerabilities of traditional text-based passwords, graphical password schemes have been developed as possible alternative solutions, but they have a potential drawback that they are more vulnerable to shoulder-surfing than conventional text-based passwords. In this paper, we present a new Hangul password input method to prevent shoulder-surfing attacks. Our approach uses Hangul as a password, and it requires the users to locate their password in the given wheeling password grid instead of entering the password. Our approach makes it difficult for attackers to observe a user's password since the system shows the users' passwords with decoy characters as the noise on the screen. Also, we provide security analysis for random attacks, dictionary attacks, and shoulder-surfing attacks, and it shows that our password system is robust against these attacks.

Keywords

Authentication;Password;Shoulder-surfing;Grid-based Password;Hangul

References

  1. A. H. Lashkari, O. B. Zakaria, S. Farmand, and R. Saleh, "Shoulder surfing attack in graphical password authentication," International Journal of Computer Science and Information Security, Vol.6, No.2, pp.145-154, 2009.
  2. I. Jermyn, A. Mayer, F. Monrose, M. Reiter, and A. Rubin, "The design and analysis of graphical passwords," Proc. of the 8th USENIX Security Symposium, 1999.
  3. http://www.gridsure.com/
  4. http://www.passfaces.com/
  5. X. Suo, Y. Zhu, and G. S, Owen, "Graphical passwords: A survey," Proc. of the 21st Annual Computer Security Applications Conference, pp.463-472, 2005.
  6. S. Chiasson, P. C. van Oorschot, and R. Biddle, "Graphical password authentication using cued click points," Proc. of ESORICS 2007, pp.359-374, 2007.
  7. H. Tao and C. Adams, "Pass-go: A proposal to improve the usability of graphical passwords," International Journal of Network Security, Vol.7, No.2, pp.273-292, 2008.
  8. D. Weinshall, "Cognitive authentication schemes safe against spyware," Proc. of IEEE Symposium on Security and Privacy, pp.295-300, 2006. https://doi.org/10.1109/SP.2006.10
  9. Y. Berger, A. Wool, and A. Yeredor, "Dictionary attacks using keyboard acoustic emanations," Proc. of the 13th ACM Conf. on Computer and Communications Security, pp.245-254, 2006.
  10. M. G. Kuhn, "Electromagnetic evaesdropping risks of flat-panel displays," Proc. of the 4th Workshop on Privacy Enhancing Technologies, pp.23-25, 2004.
  11. B. Hoanca and K. Mock, "Screen oriented technique for reducing the incidence of shoulder surfing," Proc. of the Int. Conf. on Security and Management 2005, pp.334-340, 2005.
  12. S. Wiedenbeck, J. Waters, L. Sobrado, and J.-C. Birget, "Design and evaluation of a shoulder-surfing resistant graphical password scheme," Proc. of AVI 2006, pp.177-184, 2006.
  13. M. Kumar, T. Garfinkel, D. Boneh, and T. Winograd, "Reducing shoulder-surfing by using gaze-based password entry," Proc. of the Symposium On Usable Privacy and Security, pp.13-19, 2007.
  14. D. S. Tan, P. Keyani, and M. Czerwinski, "Spy-resistant keyboard: More secure password entry on public touch screen displays," Proc. of 17th Australia Conf. on Computer-Human Interaction, pp.1-10, 2005.

Acknowledgement

Supported by : 부산대학교