http://dx.doi.org/10.13089/JKIISC.2012.22.6.1243

STM-GOMS Model: A Security Model for Authentication Schemes in Mobile Smart Device Environments  

Shin, Sooyeon (Sejong University)
Kwon, Taekyoung (Sejong University)
Abstract
Due to the widespread use of smart devices, direct-observation attacks such as shoulder surfing and recording attacks, in which user secrets are stolen at the user interface, are a rapidly growing threat. Formal security models are needed to evaluate how feasible such attacks are and how well a scheme resists them, but no such model exists. In this paper, building on previous work that was the first to use an HCI cognitive model for security analysis, we propose the STM-GOMS model, an improvement of the GOMS-based model that accounts for the limits of short-term memory. We then apply the STM-GOMS model to analyze the usability and security of a password entry scheme commonly used in smart devices, and show that the scheme is vulnerable to shoulder surfing. Finally, we conduct user experiments whose results support the validity of STM-GOMS modeling and analysis.
Keywords
Security model; GOMS model; Smart devices; Shoulder-surfing attack; Usability and security analysis
References
1 S. Na, S. Shin and T. Kwon, "Usability and Security Analysis of the Regular PIN Entry Method in Smart Environments Using the STM-GOMS Model," in Proc. KIISC Summer Conference (CISC S'12), pp. 85-90, June 2012 (in Korean).
2 S. Shin, S. Na and T. Kwon, "Usability and Security Analysis of the ColorPIN Method on Smart Devices Using the STM-GOMS Model," in Proc. KIISC Summer Conference (CISC S'12), pp. 357-362, June 2012 (in Korean).
3 S.K. Card, T.P. Moran and A. Newell, "The keystroke-level model for user performance time with interactive systems," Communications of the ACM, vol. 23, no. 7, pp. 396-410, July 1980.
4 S.K. Card, T.P. Moran and A. Newell, "The Psychology of Human-Computer Interaction," Lawrence Erlbaum Associates, 1983.
5 N. Cowan, "The Magical Mystery Four: How is Working Memory Capacity Limited, and Why?" Current Directions in Psychological Science, vol. 19, no. 1, pp. 51-57, Feb. 2010.
6 A. De Luca, K. Hertzschuch and H. Hussmann, "ColorPIN: Securing PIN Entry through Indirect Input," in Proc. CHI'10, pp. 1103-1106, Apr. 2010.
7 P.M. Fitts, "The information capacity of the human motor system in controlling the amplitude of movement," Journal of Experimental Psychology, vol. 47, no. 6, pp. 381-391, June 1954.
8 W.D. Gray, B.E. John and M.E. Atwood, "The Precis of Project Ernestine or an overview of a validation of GOMS," in Proc. CHI'92, pp. 307-312, May 1992.
9 D.E. Kieras, "Towards a practical GOMS model methodology for user interface design," in M. Helander (ed.), Handbook of Human-Computer Interaction, pp. 135-158, 1988.
10 T. Kwon, S. Na and S. Shin, "Covert Attentional Shoulder Surfing: Human Adversaries Are More Powerful Than Expected," submitted, 2012.
11 A.H. Lashkari, S. Farmand, O.B. Zakaria and R. Saleh, "Shoulder Surfing attack in graphical password authentication," International Journal of Computer Science and Information Security (IJCSIS), vol. 6, no. 2, pp. 145-154, Nov. 2009.
12 V. Roth, K. Richter and R. Freidinger, "A PIN-Entry Method Resilient Against Shoulder Surfing," in Proc. CCS'04, pp. 236-245, Oct. 2004.
13 S. Shin, S. Na, T. Kwon and H. Moon, "Modeling and Analysis of Regular PIN Entry Method and Its Improvements," in Proc. CNSI'12, ASTL vol. 8, pp. 835-840, July 2012.