Browse > Article
http://dx.doi.org/10.6109/jkiice.2019.23.4.470

Implement pattern lock security enhancement using thread to measure input time  

An, Kyuhwang (Department of Information System Engineering, Han-Sung University)
Kwon, Hyeokdong (Department of Information System Engineering, Han-Sung University)
Kim, Kyungho (Department of Information System Engineering, Han-Sung University)
Seo, Hwajeong (Department of Information System Engineering, Han-Sung University)
Publication Information
Journal of the Korea Institute of Information and Communication Engineering / v.23, no.4, 2019 , pp. 470-476 More about this Journal
Abstract
The pattern locking technique applied to smart phones is a locking technique that many people use conveniently. However, the safety of pattern locking techniques is very low compared with other techniques. The pattern locking technique is vulnerable to a shoulder surfing attack, which is based on the user's input and can be interpreted by looking at the movement of the shoulder, and the smudge attack is also vulnerable due to fingerprint drag marks remaining on the mobile phone pad. Therefore, in this paper, we want to add a new security method to check the pressed time by using a thread in the pattern locking scheme to secure the vulnerability. It is divided into short, middle, and long click according to the pressing time at each point. When dragging using the technique, security performance enhances $3^n$ tiems. Therefore, even if dragging in the same 'ㄱ' manner, it becomes a completely different pattern depending on the pressing time at each point.
Keywords
Drag; Pattern lock; Shoulder surfing attack; Smudge attack; Thread;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 UCSIS. Shoulder Surfing attack in graphical password authentication [Internet]. Available: https://arxiv.org/ftp/arxiv/papers/0912/0912.0951.pdf.
2 A. J. Aviv, K. L. Gibson, E. Mossop, and J. M. Smith, "Smudge Attacks on Smart phone Touch Screens," Woot, 10: 1-7, 2010.
3 C. Dongmin, "Application Adaptive Pattern-based Authentication Method for Smartphones," Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology vol. 8, no. 2, pp. 59-67, February 2018.
4 T. Kwon, and S. Na, "TinyLock: Affordable defense against smudge attacks on smartphone pattern lock systems," Computers & Security, 42, pp. 137-150, 2014.   DOI
5 Youtube. The video of how it works [Internet]. Available: https://youtu.be/OEOkHHQPTgA.
6 Github. The open source of press time pattern lock PIN [Internet]. Available: https://github.com/kyu-h/PressTime_PatternLock_PIN.
7 A. Karawash. Brute Force Attack [Internet]. Available: https://www.researchgate.net/profile/Ahmad_Karawash/publication/299645572_Data_protection_and_Brute_Force_attack/links/5703c19e08aeade57a25ae7b/Data-protection-and-Brute-Force-attack.pdf.
8 H. J. Seo, and H. W. Kim, "Secure Keypad with Encrypted Input Message," Journal of the Korea Institute of Information and Communication Engineering, vol. 18, no. 12, pp. 2899-2910, Dec. 2014.   DOI