Journal of the Korea Institute of Information and Communication Engineering (한국정보통신학회논문지)

The Korea Institute of Information and Commucation Engineering (한국정보통신학회)
권호 표지
DOI QR코드

DOI QR Code

Proposal of Safe PIN Input Method on VR

VR 상에서의 안전한 PIN 입력 방법 제안

  • Received : 2019.03.07
  • Accepted : 2019.04.02
  • Published : 2019.05.31
Download PDF
⟨ Previous Next ⟩

Abstract

VR(Virtual Reality), which provides realistic services in virtual reality, provides a similar experience using a Head Mounted Display(HMD) device. When the HMD device is worn, it can not recognize the surrounding environment and it is easy to analyze the input pattern of the user with the Shoulder Surfing Attack(SSA) when entering the Personal Identification Number(PIN). In this paper, we propose a method to safeguard the user's password even if the hacker analyzes the input pattern while maintaining the user's convenience. For the first time, we implemented a new type of virtual keypad that deviates from the existing rectangle shape according to the VR characteristics and implemented the lock object for intuitive interaction with the user. In addition, a smart glove using the same sensor as the existing input devices of the VR and a PIN input method suitable for the rotary type are implemented and the safety of the SSA is verified through experiments.

가상현실 속에서 실제와 같은 서비스를 제공하는 기술 VR(Virtual Reality)은 Head Mounted Display(HMD) 기기를 이용하여 실제와 유사한 체험을 제공한다. 최근 VR의 시장은 커졌으나 가상현실에서의 보안에 대한 연구는 다른 분야에 비해 미흡하다. 현재 VR을 활용한 많은 개인화된 서비스들이 진행되고 있는 만큼 안전한 사용자 인증이 중요하다. VR의 HMD 기기를 착용을 하면 주변 환경을 인식하지 못하기에 Personal Identification Number(PIN)입력 시에 Shoulder Surfing Attack (SSA)으로 사용자의 입력 패턴을 분석이 용이하다. 본 논문에서는 사용자의 편의성은 그대로 유지하면서 해커가 입력 패턴을 분석하더라도 사용자의 비밀 번호를 안전하게 보호할 수 있는 방법에 대해 제안한다. VR 특성에 맞게 기존 직사각형 모양에서 벗어난 새로운 형태의 가상 키패드와 사용자와 직관적인 상호작용을 위해 자물쇠 오브젝트를 최초로 구현 하였다. 또한 VR의 기존 입력 장치들과 동일한 센서를 사용하는 스마트 글러브와 이에 적합한 회전방식의 PIN입력 방식을 구현하였다. 따라서 총 세 가지의 VR 상에서의 안전한 PIN 입력 방법에 대하여 제안하며 실험을 통해 SSA에 대한 안전성을 검증하였다.

Keywords

HOJBC0_2019_v23n5_622_f0001.png 이미지

Fig. 1 Hacker doing shoulder surfing attack

HOJBC0_2019_v23n5_622_f0002.png 이미지

Fig. 2 Left) Traditional keypad Right) keypad to suggest

HOJBC0_2019_v23n5_622_f0003.png 이미지

Fig. 3 The location of the keypad and the locations of the numbers are switched when keypad input occurs

HOJBC0_2019_v23n5_622_f0004.png 이미지

Fig. 4 Left) When a password set by the user is entered, the phrase OK is displayed Right) If the password entered is incorrect, the phrase Wrong password is displayed

HOJBC0_2019_v23n5_622_f0005.png 이미지

Fig. 5 Implementation of lock object

HOJBC0_2019_v23n5_622_f0006.png 이미지

Fig. 6 If the password set by the user is correct, the lock will open

HOJBC0_2019_v23n5_622_f0007.png 이미지

Fig. 7 Smart gloves implemented using multiple sensors

HOJBC0_2019_v23n5_622_f0008.png 이미지

Fig. 8 Left) Initial Run Screen Right) When user authentication is completed

Table. 1 Smart gloves implemented using multiple sensors

HOJBC0_2019_v23n5_622_t0001.png 이미지

Table. 2 Result of shoulder surfing attack on existing virtual keypads

HOJBC0_2019_v23n5_622_t0002.png 이미지

Table. 3 Result of shoulder surfing attack on proposal virtual keypads

HOJBC0_2019_v23n5_622_t0003.png 이미지

Table. 4 Average input time per keypad

HOJBC0_2019_v23n5_622_t0004.png 이미지

Table. 5 Results of security survey of proposed methods

HOJBC0_2019_v23n5_622_t0005.png 이미지

Table. 6 Results of convenience survey of proposed methods

HOJBC0_2019_v23n5_622_t0006.png 이미지

References

  1. E. J. Song, "A Study on Training System for Fire Prevention based on Virtual Reality," Digital Contents Society, vol. 17, no. 3, pp. 189-195, Jun. 2016. https://doi.org/10.9728/dcs.2016.17.3.189
  2. Y. K. Chung, "Development of VR Fire-extinguishing Experience Education Contents Using UX Design Methodology," The Korea contents society, vol. 17, no. 3, pp. 222-230, Mar. 2017. https://doi.org/10.5392/JKCA.2017.17.01.222
  3. K. J. Seo, J. H. Yun, K. S. Nam, and S. G. Kim, "Development of the Educational V-Factory system combining Virtual Reality," The Korea Academia-Industrial cooperation Society, vol. 19, no. 4, pp. 617-622, Apr. 2018.
  4. Y. M. Lee, J. A. Park, S. H. Lee, S. J. Kim, and J. K. Lee, "Development of Anxiety Measuring App and VR System for Panic Disorder Exposure Training," KIISE Transactions on Computing Practices, vol. 24, no. 5, pp. 227-233, May. 2018. https://doi.org/10.5626/KTCP.2018.24.5.227
  5. N. Y. Yang, H. S. Park, T. H. Yoon, and J. H. Moon, "Effectiveness of Motion-Based Virtual Reality Training (Joystim) on Cognitive Function and Activities of Daily Living in Patients with Stroke," Rehabilitation Engineering And Assistive Technology Society of Korea, vol. 12, no. 1, pp. 10-19, Feb. 2018.
  6. T. U. Kang, and H. K. Kim, "VR Threat Analysis for Information Assurance of VR Device and Game System," Korea Institute of Information Security & Cryptology, vol. 28, no. 2, pp. 437-447, Apr. 2018.
  7. Y. H. Kong, and W. C. Lee, "Motion Control System for a Robotic Manipulator Using Leap Motion," Korean Institute of Information Technology, vol. 14, no. 12, pp. 1-6, Dec. 2016.
  8. B. H. Kang, J. S. Kim, and H. W. Kim, "Study for Operation Teaching Machine Using 3D Virtual Reality System," Digital Contents Society, vol. 17, no. 4, pp. 287-293, Aug. 2016. https://doi.org/10.9728/dcs.2016.17.4.287
  9. M. J. Kim, J. M. Heo, J. H. Kim, S. Y. Park, and J. H. Chang, "Development and Evaluation of Leapmotion-based Game interface considering Intuitive Hand Gestures," The Korean Society for Computer Game, vol. 27, no. 4, pp.69-75, Dec. 2014.
  10. S. H. Kim, M. S. Park, and S. J. Kim, "Shoulder Surfing Attack Modeling and Security Analysis on Commercial Keypad Schemes," The Korea Institute of Information Security & Cryptology, vol. 24, no. 6, pp. 1159-1174, Dec. 2014. https://doi.org/10.13089/JKIISC.2014.24.6.1159
  11. H. J. Seo, and H. W. Kim, "Design of Security Keypad Against Key Stroke Inference Attack," The Korean Institute of Information Security & Cryptology, vol. 26, no. 1, pp. 41-47, Feb. 2016. https://doi.org/10.13089/JKIISC.2016.26.1.41