Secure PIN Authentication Technique in Door-Lock Method to Prevent Illegal Intrusion into Private Areas

  • Hyung-Jin Mun (Dept. of Information & Communication Engineering, Sungkyul University)
  • Received : 2024.04.30
  • Accepted : 2024.06.04
  • Published : 2024.06.30

Abstract

The spread of smartphones gives users access to a wide range of services and makes daily life more convenient. In particular, online financial transactions can be made easily once the user has authenticated on a smartphone. PIN authentication gives users easy access to these services, but it leaves them vulnerable to social engineering attacks such as shoulder surfing or recording. We aim to increase security against these attacks by bringing to smartphones the door-lock method of authentication, in which dummy digits are included when the password is entered. A door lock verifies the PIN inside the terminal, whereas on a smartphone PIN authentication is handled by the server, so the PIN information must be transmitted safely. The proposed technique generates multiple PINs containing dummy digits and transmits them as processed values such as hash values, which ensures the stability of transmission and enables safe user authentication in which the PIN can be entered without being exposed.
