Review of KIISC (정보보호학회지)

Korea Institute of Information Security and Cryptology (한국정보보호학회)
권호 표지

모바일 환경의 사용자 인증 기법에 대한 usable security 연구 동향

  • 김승연 (연세대학교 정보대학원 정보보호연구실) ;
  • 권태경 (연세대학교 정보대학원 정보보호연구실)
  • Published : 2018.02.28
Download PDF
⟨ Previous Next ⟩

Abstract

패스워드, PIN, 패턴 락, 지문 인증 등은 현재 가장 널리 사용되고 있는 모바일 장치의 사용자 인증 수단이다. 그러나 사용자가 기억의 편의성을 위해 쉬운 패스워드를 반복 사용한다는 것은 널리 알려진 사실이며 이를 보완하기 위해 개발된 그래픽 패스워드, 또는 지문 등 생체 인증은 사용성 개선을 이루어냈으나 여전히 사용성, 안전성에서 많은 취약점이 보고되고 있다. 본 논문에서는 모바일 장치에서의 인증 기법에 관한 연구동향을 살펴보고 분석한다.

Keywords

References

  1. Y. Abdelrahman, M. Khamis, S. Schneegass and F. Alt, "Stay cool! understanding thermal attacks on mobile-based user authentication," In Proc. of CHI 2017.
  2. P. Andriotis, T. Tryfonas, G. Oikonomou and C. Yildiz, "A pilot study on the security of pattern screen-lock methods and soft side channel attacks," In Proc. of Wisec 2016.
  3. A.J. Aviv, K.L Gibson, E. Mossop, M. Blaze, and J.M. Smith, "Smudge Attacks on Smartphone Touch Screen," In Proc. of WOOT 2010.
  4. R. Biddle, S. Chiasson, and P.C. Van Oorschot, "Graphical passwords: Learning from the first twelve years," In ACM Computing Surveys, Aug., 2012.
  5. H. Crawford and E. Ahmadzadeh, "Authentication on the Go: Assessing the Effect of Movement on Mobile Device Keystroke Dynamics,"
  6. A. Das, J. Bonneau, M. Caesar, N. Borisov and X. Wang, "The Tangled Web of Password Reuse," In Proc. of NDSS 2014.
  7. A. De Luca, A. Hang, F. Brudy, C. Lindner and H. Hussmann, "Touch me once and I know it's you!: implicit authentication based on touch screen patterns," In Proc. of CHI 2012.
  8. A. De Luca, A. Hang, E. Von Zezschwitz, and H. Hussmann, "I Feel Like I'm Taking Selfies All Day!: Towards Understanding Biometric Authentication on Smartphones," In Proc. of CHI 2015.
  9. S. Eberz, K.B. Rasmussen, V. Lenders and I. Martinovic, "Evaluating behavioral biometrics for continuous authentication: Challenges and metrics," In Proc. of ASIACCS 2017.
  10. M. Eiband, M. Khamis, E. von Zezschwitz, H. Hussmann and F. Alt, "Understanding shoulder surfing in the wild: Stories from users and observers," In Proc. of CHI 2017.
  11. L. Fridman, S. Weber, R. Greenstadt and M. Kam, "Active authentication on mobile devices via stylometry, application usage, web browsing, and GPS location," In IEEE Systems Journal, 2017.
  12. R.S. Gaines, W. Lisowski, S.J. Press and N. Shapiro, "Authentication by keystroke timing: Some preliminary results," Rand Report R-2526-NSF, Rand, Santa Monica, CA. 1980.
  13. M. Harbach, E. Von Zezschwitz, A. Fichtner, A. De Luca and M. Smith, "It's a hard lock life: A field study of smartphone (un) locking behavior and risk perception." In Proc. of SOUPS 2014.
  14. B. Ur, F. Noma, J. Bess, S. M. Segreti, R. Shay, L. Bauer, N. Christin, and L. F. Cranor, ""I added '!' at the End to Make It Secure": Oberving Password Creation in the Lab," In Proc. of SOUPS 2015.
  15. M. Khamis, M. Hassib, E.V. Zezschwitz, A. Bulling and F. Alt, "GazeTouchPIN: protecting sensitive data on mobile devices using secure multimodal authentication," In Proc. of ICMI 2017.
  16. W. Kim, "Fingerprint Liveness Detection Using Local Coherence Patterns," In IEEE Signal Processing Letters, 2017.
  17. K. Krombholz, T. Hupperich and T. Holz, "Use the force: Evaluating force-sensitive authentication for mobile devices," In Proc. of SOUPS 2016.
  18. T. Kwon and S. Na, "TinyLock: Affordable defense against smudge attacks on smartphone pattern lock systems," In computers & security, May, 2014.
  19. H. Lee, S. Kim, and T. Kwon, "Here Is Your Fingerprint!: Actual Risk versus User Perception of Latent Fingerprints and Smudges Remaining on Smartphones," In Proc. of ACSAC 2017.
  20. Y. Li, Y. Li, Q. Yan, H. Kong and R.H. Deng, "Seeing your face is not enough: An inertial sensor-based liveness detection for face authentication," In Proc. of ACM CCS 2015.
  21. A. Mahfouz, T.M. Mahmoud and A.S. Eldin, "A survey on behavioral biometric authentication on smartphones," In Journal of Information Security and Applications, 2017.
  22. Y. Song, G. Cho, S. Oh, H. Kim, J.H. Huh, "On the effectiveness of pattern lock strength meters: Measuring the strength of real world pattern locks. In Proc. of CHI 2015.
  23. H. Xu, Y. Zhou, M.R. Lyu, "Towards continuous and passive authentication via touch biometrics: An experimental study on smartphones," In Proc. of SOUPS 2014.
  24. Ten-Year-Old's Face Unlocks Face ID on His Mom's iPhone X : https://youtu.be/dUMH6DVYskc
  25. The Global biometrics and Mobility Report: http://www.acuity-mi.com/GBMR_Report.php
  26. Behaviosec: https://www.behaviosec.com
  27. UnifyID: https://unify.id/