D-PASS: A Study on User Authentication Method for Smart Devices

  • Received : 2017.09.30
  • Accepted : 2017.10.18
  • Published : 2017.10.31

Abstract

The rapid increase in users of mobile smart devices has greatly expanded their range of activities. Compared to conventional mobile devices, smart devices have higher security requirements because they manage and use various kinds of confidential information belonging to their owners. However, the authentication schemes provided by conventional smart devices are vulnerable to recent attacks such as shoulder surfing, recording, and smudge attacks, which are the social engineering attacks among the types of security attacks targeting smart devices. In this paper, we propose a novel authentication method that is robust against social engineering attacks while sufficiently considering user convenience. The proposed method achieves this robustness by combining a graphical authentication method with a text-based authentication method. Furthermore, the password in our method is easier to memorize than in conventional graphical authentication methods.

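The rapid increase in mobile smart device users has greatly expanded the range of activities of smart devices. Unlike conventional mobile devices, these smart devices manage and use various kinds of confidential information belonging to their users, and therefore have high security requirements. However, the authentication schemes currently provided by smart devices are vulnerable to attacks such as shoulder surfing, recording, and smudge attacks, which fall under social engineering among the types of security attacks recently targeting smart devices. In this study, we therefore propose a new authentication method that is robust against social engineering attacks while sufficiently considering user convenience. The proposed method combines a graphic-based authentication method with a text-based authentication method, giving it high security, and unlike other graphic-based methods its password is easy to memorize.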
