http://dx.doi.org/10.9717/kmms.2016.19.2.280

Layered Pattern Authentication Scheme on Smartphone Resistant to Social Engineering Attacks  

Tak, Dongkil (Dept. of Computer Engineering, Chosun University)
Choi, Dongmin (Div. of Undeclared Majors, Chosun University)
Abstract
In this paper, we propose a layered pattern authentication scheme resistant to social engineering attacks. The existing Android pattern lock scheme has some weak points against social engineering attacks, so the proposed scheme improves on it. In our scheme, the pattern is still recorded through the touch screen, but it differs from existing schemes in that the pattern is layered. During the pattern registration process, users register their own pattern across many layers, so the registered pattern has a 3D shape. When a smudge attack occurs, the attacker can see the shape of the user's pattern through the smudge on the smartphone screen. However, the smudge lies on a 2D surface, so the acquired pattern does not fully determine the user's original 3D shape. Therefore, our scheme is resistant to social engineering attacks, especially the smudge attack.
Keywords
Smudge Attack; Touch Screen; Layered Pattern;