Enhanced Knock Code Authentication with High Security and Improved Convenience

  • Jang, Yun-Hwan (Department of Information Security, Hanyang University)
  • Park, Yongsu (Department of Computer Science, Hanyang University)
  • Received : 2018.02.12
  • Accepted : 2018.03.26
  • Published : 2018.09.30

Abstract

Since smartphones contain various personal data, security is one of the important aspects of smartphone technology. Various authentication techniques have been proposed to protect smartphones. The pattern lock on the Android system is one of the most widely used authentication methods for low-cost devices, but it is known to be vulnerable to smudge attacks or shoulder-surfing attacks. LG's smartphones use their own technique, called "Knock Code," which completes authentication when the user touches user-defined areas of the screen in turn. In this paper, we propose a new, enhanced version of Knock Code that adds a sliding operation and uses flexible area recognition. Our security analysis shows that, for the same password size, the search space is overwhelmingly larger than that of the original algorithm. In addition, by using the sliding operation, the proposed scheme shows resilience against smudge attacks. We implemented a prototype of our scheme. Experimental results show that, compared with the original Knock Code and the Android pattern lock, our scheme is more convenient while providing better security.
