Browse > Article
http://dx.doi.org/10.22156/CS4SMB.2022.12.03.038

Design for Position Protection Secure Keypads based on Double-Touch using Grouping in the Fintech  

Mun, Hyung-Jin (Dept. of Information & Communication Engineering, Sungkyul University)
Publication Information
Journal of Convergence for Information Technology / v.12, no.3, 2022 , pp. 38-45 More about this Journal
Abstract
Due to the development of fintech technology, financial transactions using smart phones are being activated. The password for user authentication during financial transactions is entered through the virtual keypad displayed on the screen of the smart phone. When the password is entered, the attacker can find out the password by capturing it with a high-resolution camera or spying over the shoulder. A virtual keypad with security applied to prevent such an attack is difficult to input on a small touch-screen, and there is still a vulnerability in peeping attacks. In this paper, the entire keypad is divided into several groups and displayed on a small screen, touching the group to which the character to be input belongs, and then touching the corresponding character within the group. The proposed method selects the group to which the character to be input belongs, and displays the keypad in the group on a small screen with no more than 10 keypads, so that the size of the keypad can be enlarged more than twice compared to the existing method, and the location is randomly placed, hence location of the touch attacks can be blocked.
Keywords
Fintech; Secure Keypads; Grouping Pads; Shoulder Surfing Attack; Virtual Keypads; Password; Double touch;
Citations & Related Records
Times Cited By KSCI : 13  (Citation Analysis)
연도 인용수 순위
1 E. J. Choi, W. C. Jung. & S. Y. Kim. (2015). Attacks and Defenses for Vulnerability of Cross Site Scripting. Journal of Digital Convergence, 13(2), 177-183. DOI :10.14400/JDC.2015.13.2.177   DOI
2 C. Nayak, M. Parhi & S. Ghosal. (2014). Robust virtual keyboard for online banking. International Journal of Computer Applications, 107(21), 36-38. DOI : 10.5120/19142-0530   DOI
3 B. S. Yu & S. H. Yun. (2011). The Design and Implementation of Messenger Authentication Protocol to Prevent Smartphone Phishing. Journal of the Korea Convergence Society, 2(4), 9-14. DOI : 10.15207/JKCS.2011.2.4.009   DOI
4 D. Y. Kim & S. M. Cho. (2015). A Proposal of Smart Phone App for Preventing Smishing Attack. Journal of Security Engineering, 12(3), 207-220.   DOI
5 S. H. Kim, M. S. Park. & S. J. Kim. (2014). Shoulder Surfing Attack Modeling and Security Analysis on Commercial Keypad Schemes. Journal of the Korea Institute of Information Security & Cryptology, 24(6), 1159-1174. DOI : 10.13089/JKIISC.2014.24.6.1159   DOI
6 H. J. Seo & H. W. Kim. (2016). Design of Security Keypad Against Key Stroke Inference Attack. Journal of the Korea Institute of Information Security & Cryptology, 26(1), 41-47. DOI : 10.13089/JKIISC.2016.26.1.41   DOI
7 J. O. Park & B. W. Jin. (2015). A Study on Authentication Method for Secure Payment in Fintech Environment. The Journal of the Institute of Internet, Broadcasting and Communication, 15(4), 25-31.   DOI
8 J. H. Kim, J. Y. Go. & K. H. Lee. (2015). A Scheme of Social Engineering Attacks and Countermeasures Using Big Data based Conversion Voice Phishing. Journal of the Korea Convergence Society, 6(1), 85-91. DOI : 10.15207/JKCS.2015.6.1.085   DOI
9 G. O. Baik, C. H. Lim & J. G. Shon. (2010). A Virtual Keyboard System for Preventing Keylogging. Journal of Security Engineering, 7(4), 319-334.
10 S. W. Choi & Y.J. Shin. (2015). Economy Effects of IT Industry on Financial and Insurance Services. Journal of Digital Convergence, 13(1), 191-203. DOI : 10.14400/JDC.2015.13.1.191   DOI
11 J. Song, M. W. Jung, J. I. Choi & S. H. Seo. (2018). Proposal and Implementation of Security Keypad with Dual Touch. KIPS Transactions on Computer and Communication Systems, 7(3), 73-80. DOI : 10.3745/KTCCS.2018.7.3.73   DOI
12 C. J. Chae, H. J. Cho & H. M. Jung. (2018). Authentication Method using Multiple Biometric Information in FIDO Environment. Journal of Digital Convergence, 16(1), 159-164. DOI : 10.14400/JDC.2018.16.1.159   DOI
13 Q. Yue, Z. Ling, X. Fu, B. Liu, W. Yu & W. Zhao. (2014). My google glass sees your passwords!. Proceedings of the Black Hat USA.
14 Y. H. Lee. (2013). An Analysis on the Vulnerability of Secure Keypads for Mobile Devices. Journal of Korean Society for Internet Information, 14(3), 15-21. DOI : 10.7472/jksii.2013.14.3.15   DOI
15 J. S. Song, M. W. Chung, S. H. Seo & S. H. Lee. (2015). Security vulnerability analysis of Simple Mobile Payments Services. The Korea Information Processing Society Fall Conference, 22(2), 817-820.
16 D. H. Lee, D. H. Bae, S. L Yoo, J. Y. Chae, Y. Lee & H. G. Yang. (2011). Analysis of safety in secure keypads for smartphone. REVIEW of The Korea Institute of Information Security and Cryptology, 21(7), 30-37. DOI : KIISC.2011.21.7.30.
17 W. G. Pak, S. Yeo, Y. R. Cha. (2015). A Secure Virtual Keypad for Mobile devices. Proceeding of KOREA INFORMATION SCIENCE SOCIETY, 875-876.
18 H. J. Mun. (2017). Virtual Keypads based on Tetris with Resistance for Attack using Location Information. Journal of the Korea Convergence Society, 8(6), 37-44. DOI : 10.15207/JKCS.2017.8.6.037   DOI
19 H. J. Mun & K. H. Han. (2018). Tetris security keypads design with higher security using alignment and padding. International Journal of Engineering & Technology, 7(2.33), 11-14. DOI : 10.14419/ijet.v7i2.33.13838   DOI
20 H. J. Mun, S. Y. Kang & C. Shin. (2020). Implementation of Secure Keypads based on Tetris-Form Protection for Touch Position in the Fintech. Journal of Convergence for Information Technology, 10(8), 144-151. DOI: 10.22156/CS4SMB.2020.10.08.144   DOI
21 H. J. Kim, H. J. Seo, Y. C. Lee, T. H. Park & H.W. Kim. (2013). Implementation of virtual finace keypads with resistance for shoulder surfing attack. REVIEW The Korea Institute of Information Security and Cryptology(KIISC), 23(6), 21-29. DOI : KIISC.2013.23.6.21.
22 H. J. Seo & H. W. Kim. (2014). Secure Keypad with Encrypted Input Message. Journal of the Korea Institute of Information and Communication Engineering, 18(12), 2899-2910. DOI : 10.6109/jkiice.2014.18.12.2899   DOI