Browse > Article
http://dx.doi.org/10.13089/JKIISC.2017.27.4.843

Usability and Security Analysis of Authentication Methods for Mobile Fin-Tech Services  

Kim, KyoungHoon (Information Security Lab., Graduation School of Information, Yonsei University)
Kwon, Taekyoung (Information Security Lab., Graduation School of Information, Yonsei University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.27, no.4, 2017 , pp. 843-853 More about this Journal
Abstract
In the case of electronic payment, the obligation to use the certificate-based authentication was abolished. As Fin-tech service providers gain autonomy, various authentication methods are provided. SMS, ARS, PIN, Text-passwords, Fingerprints are popular authentication methods in the mobile Fin-tech services. In this study evaluate the usability and security of authentication methods in a unified mobile environment. We evaluate the usability through SUS and interview. Also we evaluate the security level of authentication methods through NIST guideline. At the result of the usability evaluation, Fingerprint authentication method had been determined as the highest usability, also Fingerprint authentication method had been determined as the safest authentication method by obtaining Security Level 4.
Keywords
Fin-tech; Authentication; Usability; Security;
Citations & Related Records
연도 인용수 순위
  • Reference
1 C. Braz, and J. M. Robert, "Security and usability: the case of the user authentication methods," In Proc. of IHM '06, pp. 199-203, 2006.
2 D. T. Toledano, R. F. Pozo, A. H. Trapote and L. H. Gomez, "Usability evaluation of multi-modal biometric verification systems," Interacting with Computers, 18(5), vol. 18, no. 5, pp. 1101-1122, Sept, 2006.   DOI
3 H. Khan, A. Atwater, and U. Hengartner, "A comparative Evaluation of Implicit Authentication Schemes," In Proc. of RAID, pp. 255-275, Sep. 2014.
4 N. L. Clarke, and S. M. Furnell, "Authentication of users on mobile telephones - A survey of attitudes and practices," Computers & Security, vol. 24, no. 7, pp. 519-527, 2005.   DOI
5 N. Micallef, M. Just, L. Baillie, M. Halvey, and H. G. Kayacik, "Why aren't users using protection? Investigating the usability of smartphone locking," Iin Proc. of MobileHCI, 2015.
6 S. Trewin, C. Swart, L. Koved, J. Martino, K. Singh, and S. B. David, "Biometric Authentication on a Mobile Device: A Study of User Effort, Error and Task Disruption," In Proc. of ACSAC, pp. 159-168, Dec. 2012.
7 S. Prabhakar, S. Pankanti, and A. K. Jain, "Biometric Recognition: Security and Privacy Concerns," In Proc. of IEEE S&P, vol. 99, no. 2, pp. 33-42, 2003.
8 S. M. Furnell, P. S. Dowland, H. M. Illingworth, and P. L. Reynolds, "Authentication and Supervision: A Survey of User Attitudes," Computers & Security, vol. 19, no. 6, pp. 529-539, Oct., 2000.   DOI
9 K. Taekyoung, and N. Sarang "TinyLock: Affordable defense against smudge attacks on smartphone pattern lock systems." computers & security, vo. 42, pp. 137-150, 2014.   DOI
10 DIGIECO report, "2016 Mobile Trend Forecast," 2016.