- Volume 11 Issue 4
Hangul Password System for Preventing Shoulder-Surfing
- Received : 2010.11.09
- Accepted : 2011.01.19
- Published : 2011.04.28
Although conventional text-based passwords are the most common authentication method, they have significant drawbacks: they are exposed to guessing attacks, dictionary attacks, key loggers, and shoulder-surfing. Graphical password schemes have been developed as possible alternatives to address these vulnerabilities, but they have a potential drawback of their own: they are more vulnerable to shoulder-surfing than conventional text-based passwords. In this paper, we present a new Hangul password input method to prevent shoulder-surfing attacks. Our approach uses Hangul as the password and requires users to locate their password in a given wheeling password grid instead of entering it. This makes it difficult for attackers to observe a user's password, since the system displays the password on screen among decoy characters that act as noise. We also provide a security analysis for random attacks, dictionary attacks, and shoulder-surfing attacks, which shows that our password system is robust against these attacks.
Supported by: Pusan National University