DOI QR코드

DOI QR Code

원형 스마트폰 잠금 패턴 방식 제안

A proposal of Circular Lock Pattern Method on Smart phone

  • Im, Ji-woo (Department of IT Engineering, Hansung University) ;
  • Lee, Seung-jay (Department of IT Engineering, Hansung University) ;
  • Jang, Won-jun (Department of IT Engineering, Hansung University) ;
  • Kwon, Hyeok-dong (Department of IT Engineering, Hansung University) ;
  • Seo, Hwa-jeong (Department of IT Engineering, Hansung University)
  • 투고 : 2019.07.15
  • 심사 : 2019.08.14
  • 발행 : 2019.11.30

초록

스마트폰에는 현재 다양한 보안 방식이 사용되고 있다. 그중에서도 핀 번호와 패턴 잠금 방식은 초기 스마트폰부터 사용되었을 정도로 오래 사용되었다. 하지만 패턴 잠금 방식은 오래 사용된 만큼 보안이 취약하다. 핀 번호 방식의 보안 강도가 약간 높은 정도라면 패턴 잠금 방식은 중간 정도에 그친다. 그럼에도 많은 스마트폰 사용자들은 패턴 잠금 방식을 이용하고 있는데 아직 생체보안을 지원하지 않는 기종을 사용하는 사용자가 있기 때문이다. 생체보안을 지원하지 않는 기종에서 제일 편리한 보안 방식은 패턴 잠금 방식이다. 그러나 기존의 패턴 잠금 방식은 Shoulder surfing attack과 Smudge attack에 취약하다. 따라서 패턴 잠금 방식의 편리성을 유지하면서 동시에 기존 방식의 취약점을 해결하는 방식을 제안하고자 한다. 제안하는 방식은 화면에 배치되는 각각의 점을 원형으로 배치한 뒤 무작위로 숫자를 부여하는 잠금 방식이다. 본 방식을 도입하게 된다면 기존의 취약점을 상당히 해결할 수 있다. 즉, 기존의 패턴 잠금 방식에 비해 보안성을 높일 수 있다.

Currently, there are various security methods in smart phone. Among them, pin number and pattern lock were used long as they were used from early smart phone. However, security is weak that much. The security of pin number is slightly high, but the security of conventional pattern lock remains moderate. However, the conventional pattern lock is still used by several people because of convenience. This is because some users' smart phones don't support biometric security. The most convenient security method for devices that don't support biometric security is pattern lock. However, this method is vulnerable to shoulder surfing attack and smudge attack. Therefore, we introduce random pattern lock that solves the vulnerability of the conventional pattern lock while maintaining the convenience of the pattern lock. This is a lock method that places each point placed on the screen in a circular shape and assigns a random number to it. Therefore, If this is introduced, It's expected to solve vulnerability.

키워드

과제정보

This research was partly supported by the MSIT(Ministry of Science and ICT), Korea, under the ITRC(Information Technology Research Center) support program(IITP-2019-2014-1-00743) supervised by the IITP(Institute for Information & communications Technology Planning & Evaluation) and this research was partly supported by the National Research Foundation of Korea(NRF) grant funded by the Korea government(MSIT) (No. NRF-2017R1C1B5075742).

참고문헌

  1. K. H. An, H. D. Kwon, K. H. Kim, and H. J. Seo, "Implement pattern lock security enhancement using thread to measure input time," Journal of the Korea Institute of Information and Communication Engineering, vol. 23, no. 4, pp. 470-476, Apr. 2019. https://doi.org/10.6109/JKIICE.2019.23.4.470
  2. M. D. Loge, "Tell Me Who You Are and I Will Tell You Your Unlock Pattern," M. S. theses, Norwegian University of Science and Technology, Trondheim, Sor-Trondelag, 2015.
  3. A. H. Lashkari, S. Farmand, O. B. Zakaria, and R. Saleh, "Shoulder Surfing attack in graphical password authentication," International Journal of Computer Science and Information Security, vol. 6, no. 2, pp. 145-154, Nov. 2009.
  4. A. J. Aviv, K. Gibson, E. Mossop, M. Blaze, and J. M. Smith, "Smudge attacks on smartphone touch screens," in Workshop on Offensive Technologies'10 Proceedings of the 4th USENIX conference on Offensive technologies, Washington: DC, pp. 1-7, 2010.
  5. P. Andriotis, G. Oikonomou, A. Mylonas, and T. Tryfonas, "A Study on Usability and Security Features of the Android Pattern Lock Screen," Information and Computer Security, vol. 24, no. 1, pp. 53-72, March. 2016. https://doi.org/10.1108/ICS-01-2015-0001
  6. S. M. Jung, and T. K. Kwon, "Automated Smudge Attacks Based on Machine Learning and Security Analysis of Pattern Lock Systems," Journal of The Korea Institute of Information Security and Cryptology, vol. 26, no. 4, pp. 903-910, Aug. 2016. https://doi.org/10.13089/JKIISC.2016.26.4.903
  7. G. Ye, Z. Tang, D. Fang, X. Chen, K. I. Kim, B. Taylor, and Z. Wang, "Cracking Android Pattern Lock in Five Attempts," in Proceedings 2017 Proceedings of the Network and Distributed System Security Symposium, San Diego: CA, pp. 1-1, 2017.