A Study of User Behavior Recognition-Based PIN Entry Using Machine Learning Technique

A Study on a PIN Entry Technique Based on User Behavior Recognition Using Machine Learning

  • Received : 2017.11.20
  • Accepted : 2018.02.23
  • Published : 2018.05.31

Abstract

In this paper, we propose a PIN entry method for smartphones that incorporates a machine learning technique. In addition to the PIN itself, we use the time intervals between touches and the touch locations as factors to decide whether the user is the legitimate one. In the user registration phase, a remote server trains a machine learning model on data collected from the end-user device (i.e., the smartphone). In the user authentication phase, the pre-trained model and the saved PIN are used to decide whether authentication succeeds or fails. Through usability and security experiments, we showed that the technique causes no significant inconvenience (FRR: 0%) and is more secure than previous PIN entry techniques (FAR: 0%), and thus confirmed that it is practical to use. In addition, shoulder-surfing attack experiments showed that a security incident is unlikely to occur (FAR: 5%) even if the PIN is leaked.

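In this paper, we propose a technique that applies machine learning to the user authentication protocol on smartphones. When the user enters a PIN, the proposed technique collects not only the PIN but also the time intervals between screen touches and the touch locations as authentication information, and uses them as identifiers. First, in the user registration phase, a large amount of user touch time and location data is collected, and a model is built from that data using machine learning. Then, in the user authentication phase, the PIN entered by the user is compared, and if the PIN matches, the user's touch time and location data are fed into the model and their distance from the previously collected data is compared, which determines whether authentication succeeds. Through usability and security experiments, we showed that there is no significant inconvenience in using this technique (FRR: 0%) and that it is more secure than the PIN entry techniques previously in use (FAR: 0%), and accordingly confirmed that it is a technique that can adequately be used. In addition, through shoulder-surfing attack experiments, we confirmed that a security incident is unlikely to occur even if the PIN is leaked (FAR: 5%).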
