Journal of the Korea Institute of Information and Communication Engineering (한국정보통신학회논문지)

The Korea Institute of Information and Commucation Engineering (한국정보통신학회)
권호 표지
DOI QR코드

DOI QR Code

User Authentication Mechanism using Smartphone

스마트폰을 이용한 사용자 인증 메커니즘

  • Received : 2016.11.10
  • Accepted : 2016.12.25
  • Published : 2017.02.28
Download PDF
⟨ Previous Next ⟩

Abstract

With the popularization of smart phones and the development of the Internet, many people use smart phones to conduct identity verification procedures. smart phones are easier and faster to authenticate than personal desktop computers. However, as Internet hacking technology and malicious code distribution technology rapidly evolve and attack types become more diverse, authentication methods suitable for mobile environment are required. As authentication methods, there are methods such as possessive-based authentication, knowledge-based authentication, biometric-based authentication, pattern-based authentication, and multi-element authentication. In this paper, we propose a user authentication mechanism that uses collected information as authentication factor using smart phone. Using the proposed authentication mechanism, it is possible to use the smart phone information and environment information of the user as a hidden authentication factor, so that the authentication process can be performed without being exposed to others. We implemented the user authentication system using the proposed authentication mechanism and evaluated the effectiveness based on applicability, convenience, and security.

스마트폰의 대중화와 인터넷의 발전으로 많은 사람들이 스마트폰을 이용하여 본인확인 인증절차를 진행한다. 스마트폰을 이용하면 개인용 데스크탑 컴퓨터를 이용하는 상황보다 쉽고 빠르게 인증이 가능하기 때문이다. 하지만 인터넷 해킹 기술과 악성코드 배포 기술이 빠르게 진화하고 공격형태도 더 다양해짐에 따라서 모바일 환경에 적합한 인증방법이 요구되고 있다. 인증방법으로는 소지기반 인증, 지식기반 인증, 생체기반 인증, 패턴기반 인증, 다중요소 인증 등의 방법이 있다. 본 논문에서는 스마트폰을 이용하여 수집 가능한 정보를 인증요소로 활용하는 사용자 인증 메커니즘을 제안한다. 제안 인증 메커니즘을 사용하면 본인의 스마트폰 정보 및 환경정보를 숨김 인증요소로 활용하여 타인에게 노출이 안된 상태에서 인증과정을 진행할 수 있는 장점이 있다. 제안 인증 메커니즘을 이용한 사용자 인증 시스템을 구현하여 적용성, 편의성, 보안성을 기준으로 효용성을 평가하였다.

Keywords

References

  1. K. Y. Jin, S. H. Choi, J. W. Seo, and Y. G. Kim, "An Approach to Systems with Multi-Factor Method," Journal of the Korea Academia-Industrial cooperation Society, vol. 13, no. 2, pp. 842-848, Feb. 2012. https://doi.org/10.5762/KAIS.2012.13.2.842
  2. J. Y. Lee, H. S. Shim, K. S. Han, Y. L. Choi, and J. B. Kim, "A Study on the Models of Internal system users Authentication considering Multi Factors," Journal of the Korea Institute of Information and Communication Engineering, vol. 19, no. 9, pp. 2044-2055, Sept. 2015. https://doi.org/10.6109/jkiice.2015.19.9.2044
  3. C. S. Kim, S. B. Youn, and M. K. Lee, "Shoulder-Surfing Resistant Password Input Method for Mobile Environment," Journal of the Korea Institute of Information Security and Cryptology, vol. 20, no. 3, pp. 93-104, June 2010.
  4. S. S. Ji, "The Improved-Scheme of Two Factor Authentication using SMS," Journal of the Korea Industrial Information Systems Research, vol. 17, no. 6, pp. 25-30, Dec. 2012. https://doi.org/10.9723/jksiis.2012.17.6.025
  5. M. K. Choi, T. C. Kwan, and D. H. Lee, "Analysis of Security Vulnerability in Home Trading System, and its Countermeasure using Cell phone," Journal of The Korea Institute of Information Security and Cryptology, vol. 23, no. 1, pp. 19-32, Feb. 2013. https://doi.org/10.13089/JKIISC.2013.23.1.019
  6. "Standardization trend of non-face authentication technology based on telebio recognition," Journal of The Korea Institute of Information Security and Cryptology, vol. 25, no. 4, pp. 43-50, Oct. 2015.
  7. MAS, Internet banking and technology risk management guidelines, Version 3.0, Monetary Authority of Singapore, June 2008.
  8. J. S. Seo, and J. S. Moon, "A Study on User Authentication with Smartphone Accelerometer Sensor," Journal of The Korea Institute of Information Security and Cryptology, vol. 25, no. 6, pp. 1477-1484, Dec. 2015. https://doi.org/10.13089/JKIISC.2015.25.6.1477
  9. H. Ketabdar, K. A. Yuksel, A. Jahnbekarn, M. Roshandel, and D. Skirop, "MagiSign: User Identifaction /Authetication Based on 3D Around Device Magnetic Signatures," The Fourth International Conference on Mobile Ubiqutous Computing, Systms, Services and Technologies, pp. 31-34, 2010.
  10. A. Bianchi, I. Oakley, V. Kostakos, and D. S. Kwon, "The Phone Lock: Audio and Haptic Shoulder-Surfing Resistant PIN Entry Methods for Mobile Devices," TEI'11 Proceedings of the fifth international conference on Tangible, embedded, and embodied interaction, pp. 197- 200, Jan. 2011.

Cited by

  1. 주민등록번호 기반의 온라인 본인확인서비스 기관 지정기준 개선방안 연구 vol.16, pp.3, 2017, https://doi.org/10.17662/ksdim.2020.16.3.013