Browse > Article
http://dx.doi.org/10.5392/JKCA.2011.11.4.033

Hangul Password System for Preventing Shoulder-Surfing  

Kim, Jong-Woo (부산대학교 U-Port정보기술산학공동사업단)
Kim, Sung-Hwan (부산대학교 컴퓨터공학과)
Park, Sun-Young (부산대학교 컴퓨터공학과)
Cho, Hwan-Gue (부산대학교 컴퓨터공학과)
Publication Information
The Journal of the Korea Contents Association / v.11, no.4, 2011 , pp. 33-41 More about this Journal
Abstract
Although conventional text-based passwords are used as the most common authentication method, they have significant drawbacks such as guess attacks, dictionary attacks, key loggers, and shoulder-surfing. To address the vulnerabilities of traditional text-based passwords, graphical password schemes have been developed as possible alternative solutions, but they have a potential drawback that they are more vulnerable to shoulder-surfing than conventional text-based passwords. In this paper, we present a new Hangul password input method to prevent shoulder-surfing attacks. Our approach uses Hangul as a password, and it requires the users to locate their password in the given wheeling password grid instead of entering the password. Our approach makes it difficult for attackers to observe a user's password since the system shows the users' passwords with decoy characters as the noise on the screen. Also, we provide security analysis for random attacks, dictionary attacks, and shoulder-surfing attacks, and it shows that our password system is robust against these attacks.
Keywords
Authentication; Password; Shoulder-surfing; Grid-based Password; Hangul;
Citations & Related Records
연도 인용수 순위
  • Reference
1 H. Tao and C. Adams, "Pass-go: A proposal to improve the usability of graphical passwords," International Journal of Network Security, Vol.7, No.2, pp.273-292, 2008.
2 D. Weinshall, "Cognitive authentication schemes safe against spyware," Proc. of IEEE Symposium on Security and Privacy, pp.295-300, 2006.   DOI
3 Y. Berger, A. Wool, and A. Yeredor, "Dictionary attacks using keyboard acoustic emanations," Proc. of the 13th ACM Conf. on Computer and Communications Security, pp.245-254, 2006.
4 M. G. Kuhn, "Electromagnetic evaesdropping risks of flat-panel displays," Proc. of the 4th Workshop on Privacy Enhancing Technologies, pp.23-25, 2004.
5 B. Hoanca and K. Mock, "Screen oriented technique for reducing the incidence of shoulder surfing," Proc. of the Int. Conf. on Security and Management 2005, pp.334-340, 2005.
6 S. Wiedenbeck, J. Waters, L. Sobrado, and J.-C. Birget, "Design and evaluation of a shoulder-surfing resistant graphical password scheme," Proc. of AVI 2006, pp.177-184, 2006.
7 M. Kumar, T. Garfinkel, D. Boneh, and T. Winograd, "Reducing shoulder-surfing by using gaze-based password entry," Proc. of the Symposium On Usable Privacy and Security, pp.13-19, 2007.
8 D. S. Tan, P. Keyani, and M. Czerwinski, "Spy-resistant keyboard: More secure password entry on public touch screen displays," Proc. of 17th Australia Conf. on Computer-Human Interaction, pp.1-10, 2005.
9 I. Jermyn, A. Mayer, F. Monrose, M. Reiter, and A. Rubin, "The design and analysis of graphical passwords," Proc. of the 8th USENIX Security Symposium, 1999.
10 A. H. Lashkari, O. B. Zakaria, S. Farmand, and R. Saleh, "Shoulder surfing attack in graphical password authentication," International Journal of Computer Science and Information Security, Vol.6, No.2, pp.145-154, 2009.
11 http://www.gridsure.com/
12 http://www.passfaces.com/
13 X. Suo, Y. Zhu, and G. S, Owen, "Graphical passwords: A survey," Proc. of the 21st Annual Computer Security Applications Conference, pp.463-472, 2005.
14 S. Chiasson, P. C. van Oorschot, and R. Biddle, "Graphical password authentication using cued click points," Proc. of ESORICS 2007, pp.359-374, 2007.