http://dx.doi.org/10.3745/KIPSTD.2010.17D.2.167

Design and Implementation of Pinpad using Secure Technology from Shoulder Surfing Attack  

Kang, Moon-Seol (Department of Computer Engineering, Gwangju University)
Kim, Young-Il (Department of Internet Software, Honam University)
Abstract
When a PIN (personal identification number) is entered, the principal security threat is the shoulder surfing attack: an observer watches the keypad over the user's shoulder while the PIN is typed and reads off the digits. It is the most common and, at the same time, the most effective way for an attacker to steal a PIN. This paper proposes a psychology-based PINpad technique, DAS (Dynamic Authentication System), that protects the entered PIN against shoulder surfing. The resistance of DAS to shoulder surfing was evaluated in three ways: an intuitive argument, a shoulder surfing experiment, and a theoretical analysis. A PINpad with DAS built in was then designed and manufactured, and its resistance to shoulder surfing was certified. Because the PINpad greatly reduces a shoulder surfer's chance of recovering the PIN compared with an ordinary PINpad, it was judged suitable for bank ATMs (automated teller machines) and has been adopted by many financial institutions.
Keywords
Shoulder Surfing Attack; PINpad; DAS(Dynamic Authentication System); Security Threat;
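The abstract states that DAS was validated by, among other things, a theoretical analysis, but it does not describe the DAS mechanism itself. The following is an added example, not code from the paper and not a model of DAS: it shows the kind of counting a shoulder-surfing analysis rests on, namely how many PINs remain consistent with what an observer saw, for a conventional fixed-layout PINpad and for a hypothetical PINpad whose digit-to-key mapping is randomized. The 4-digit numeric PIN, the ten-key layouts and the observer who records pressed key positions exactly are all assumptions of this example.

```python
"""Counting the PINs a shoulder surfer can still not rule out.

Constructed example (not the paper's DAS, whose mechanism the abstract does
not describe). Given what an observer saw, how many PINs remain consistent
with the observation? Four situations are compared:

  * conventional PINpad, fixed public layout            -> 1 candidate
  * randomized layout the observer could also read      -> 1 candidate
  * randomized layout, observer saw key positions only,
    fresh permutation drawn for every entry             -> 10 ** len(pin)
  * randomized layout, observer saw key positions only,
    but the same secret permutation is reused           -> 10!/(10-k)!,
                                                            k = distinct positions

The last case shows why a "random" layout that persists between sessions
leaks the PIN's repetition pattern. Assumptions: 4-digit numeric PIN, ten
keys, an observer who records the pressed positions exactly.
"""
from itertools import product
from math import perm
import random

DIGITS = "0123456789"


def fixed_layout():
    """Conventional PINpad: key position i always shows digit i."""
    return DIGITS


def shuffled_layout(rng=None):
    """Hypothetical randomized PINpad: a fresh permutation of the digits."""
    rng = rng or random.Random()
    keys = list(DIGITS)
    rng.shuffle(keys)
    return "".join(keys)


def enter_pin(pin, layout):
    """Key positions a user presses to enter `pin` on `layout`."""
    return [layout.index(d) for d in pin]


def recover_pin(positions, layout):
    """What an observer learns when both positions and layout were visible."""
    return "".join(layout[p] for p in positions)


def candidate_count(positions, layout_known, fresh_per_entry):
    """Number of PINs consistent with the observer's knowledge.

    layout_known    : observer also saw which digit each key displayed
    fresh_per_entry : a new permutation is drawn for every PIN entry
    """
    if layout_known:
        return 1                       # positions + layout name the PIN outright
    if fresh_per_entry:
        return 10 ** len(positions)    # positions alone say nothing about digits
    # Persistent but secret permutation: equal positions mean equal digits and
    # distinct positions mean distinct digits, so only the digit values hide.
    k = len(set(positions))
    return perm(10, k)


def _pattern(seq):
    """Canonical equality pattern, e.g. [7, 7, 3, 7] -> (0, 0, 1, 0)."""
    first = {}
    return tuple(first.setdefault(x, len(first)) for x in seq)


def consistent_pins_bruteforce(positions):
    """All PINs that fit the positions under an unknown persistent layout.

    Brute-force cross-check of candidate_count(..., False, False): a PIN is
    consistent iff its digits repeat in exactly the same pattern as the
    observed key positions.
    """
    target = _pattern(positions)
    return ["".join(p) for p in product(DIGITS, repeat=len(positions))
            if _pattern(p) == target]


if __name__ == "__main__":
    rng = random.Random(2010)      # fixed seed so the demo is reproducible
    pin = "1122"                   # constructed sample PIN
    for name, layout in (("fixed", fixed_layout()), ("shuffled", shuffled_layout(rng))):
        pos = enter_pin(pin, layout)
        print(f"{name:9s} layout={layout} presses={pos} "
              f"seen-with-layout={recover_pin(pos, layout)}")
    pos = enter_pin(pin, fixed_layout())
    print("layout known                 :", candidate_count(pos, True, False))
    print("positions only, fresh layout  :", candidate_count(pos, False, True))
    print("positions only, reused layout :", candidate_count(pos, False, False),
          "== brute force", len(consistent_pins_bruteforce(pos)))
```

Two points a practitioner would take from running this. A randomized layout only defeats an observer who cannot see the displayed digits; if the screen is as visible as the hand, the candidate count collapses to one exactly as with a fixed pad, so shielding of the display matters as much as the layout. And a layout that is random but reused leaks the PIN's repetition pattern: for the sample PIN 1122 the observer is left with 90 candidates rather than 10,000, and for a PIN of four equal digits with only 10.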