• Review of KIISC
• /
• v.24 no.3
• /
• pp.36-43
• /
• 2014

스마트폰의 보급률이 높아지고 많은 업무가 PC에서 스마트폰으로 옮겨 가면서 개인신상정보, 금융 정보와 같은 중요한 정보들도 함께 옮겨가고 있다. 최근에 이러한 중요한 정보들을 보호하기 위한 스마트폰 보안이 다양하게 연구되고 있다. 스마트폰의 휴대성 덕분에 사용자는 언제, 어디서나 다양한 업무를 수행할 수 있지만, 공격자도 마찬가지로 사용자에게 더욱 접근하기가 쉬워졌으며 스마트폰 사용자는 PC 환경보다 더욱 다양한 취약점에 처하게 되었다. 이러한 다양한 취약점 때문에 스마트폰을 겨냥한 다양한 종류의 공격 방법들이 생겨나고 있다. 본 논문에서는 스마트폰 보안 위협으로써 네트워크, 악성코드, 훔쳐보기 공격 등의 위협이 개인정보 유출이나 금전적 손실과 같은 직접적인 피해로 이루어지기 쉬우므로 해당 위협들에 대해 설명하고, 해당 위협을 완화하거나 회피할 수 있는 사용자 중심적인 최신 기술 동향을 소개한다.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2016.07a
• /
• pp.223-224
• /
• 2016

본 논문에서는 번호키 방식의 보안이 강화된 스마트폰 연동 도어락 시스템을 제안한다. 도어락 시스템은 Google OTP를 이용하여 매번 다르게 생성된 번호를 입력함으로써 훔쳐보기, 스머지 등의 공격으로부터 안전할 수 있다. 또한 사용자 편의를 위하여 NFC 접촉을 통하여 OTP 어플리케이션을 실행하도록 한다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2010.11a
• /
• pp.95-96
• /
• 2010

• The KIPS Transactions:PartC
• /
• v.18C no.2
• /
• pp.71-78
• /
• 2011

Financial accidents such as password exposure of credit cards or bankbooks occur often when a password is inputted to ATM/CD(Automated Teller Machines and Cash Dispenser), so particular attention is required when inputting a password. This study suggested a method to input a password safely to prevent stealing a glance at a password in case of the use of ATM/CD. The method is that users input a password when numbers are randomly displayed and disappear not to notice the password even though someone is next to or behind the users. As methods to input a password safely, the study verified safety by dividing the methods into a test of shoulder surfing, an intuitive perspective, and a theoretical analysis. In addition, the result of implementation to apply the method to ATM/CD shows that a percentage of acquiring a password from the attack of shoulder surfing is found to be lower than an existing method, so password exposure can be prevented.

• The KIPS Transactions:PartD
• /
• v.17D no.2
• /
• pp.167-174
• /
• 2010

When entering the PIN(personal identification number), the greatest security threat is shoulder surfing attack. Shoulder surfing attack is watching the PIN being entered from over the shoulder to obtain the number, and it is the most common and at the same time the most powerful security threat of stealing the PIN. In this paper, a psychology based PINpad technology referred to as DAS(Dynamic Authentication System) that safeguards from shoulder surfing attack was proposed. Also, safety of the proposed DAS from shoulder surfing attack was tested and verified through intuitive viewpoint, shoulder surfing test, and theoretical analysis. Then, a PINpad with an internal DAS that was certified for its safety from shoulder surfing attack was designed and produced. Because the designed PINpad significantly decreases the chances for shoulder surfing attackers being able to steal the PIN when compared to the ordinary PINpad, it was determined to be suitable for use at ATM(automated teller machine)s operated by banks and therefore has been introduced and is being used by many financial institutions.

• Journal of Korea Society of Industrial Information Systems
• /
• v.22 no.6
• /
• pp.17-22
• /
• 2017

In this paper, a password recognition system that can overcome a shoulder-surfing attack is developed. During the time period of password insertion, the developed system can prevent the attack and enhance the safety of the password. In order to raise the detection rate of the password image, the mopology technique is utilized. By adapting 4 times of the expansion and dilation, the niose from the binary image of the password is removed. Finally, the mobile phone application is also developed to recognize the one time password and the detection rate is measured. It is shown that the detection rate of 90% is achieved under the dark light condition.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.23 no.9
• /
• pp.1152-1159
• /
• 2019

The Nintendo Switch(NSW), which appeared as an 8th generation console, has succeeded worldwide as a hybrid gaming console. The NSW has E-shop itself, users can sign in to their account and purchase games. The keypad built in the NSW is similar to QWERTY keyboard. In the password input field the input information is hidden, but it's possible to get the value entered from the keypad with shoulder surfing attack. Because of the NSW with many party or family games, there is a high probability that someone else is watching the screen nearby, which acts as a vulnerability in account security. Thus we designed the new keypad which improve from this issue. In this paper, we check the problem about the keypad which built in the NSW, we present the proposed keypad and the compared to the built in keypad by showing the test result of unspecified individuals use.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.12
• /
• pp.525-532
• /
• 2013

Recently smartphones, tablet, etc. Various types of smart terminal is due to the increased security in mobile devices are becoming an issue. How to enter the password in this environment is a very important issue. Difficult to have a secure password input device on various types of mobile devices. In addition you enter on the touch screen the password of character, uncomfortable and it is vulnerable to SSA attack. Therefore, in this paper provide for defense the SSA(Shoulder Surfing Attacks) and useful password input mechanism is proposed with Smartphone GPS uses a value generated via a graphical password techniques.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.10a
• /
• pp.331-332
• /
• 2022

The previously used locking device is a PIN method and has a problem in that the password is exposed by malicious users. In other words, if attackers looks at lock passwords from the side, correct passwords are known. In this paper, we aim to solve these security problems in lock devices resistant to shoulder surfing attacks. The proposed encryption approach is designed so that attackers cannot know lock passwords. To this end, we use a hidden password method instead of directly entering a PIN-type password to prevent the correct password from being exposed to an attacker even if someone steals the lock password.

• Journal of Convergence for Information Technology
• /
• v.12 no.3
• /
• pp.38-45
• /
• 2022

Due to the development of fintech technology, financial transactions using smart phones are being activated. The password for user authentication during financial transactions is entered through the virtual keypad displayed on the screen of the smart phone. When the password is entered, the attacker can find out the password by capturing it with a high-resolution camera or spying over the shoulder. A virtual keypad with security applied to prevent such an attack is difficult to input on a small touch-screen, and there is still a vulnerability in peeping attacks. In this paper, the entire keypad is divided into several groups and displayed on a small screen, touching the group to which the character to be input belongs, and then touching the corresponding character within the group. The proposed method selects the group to which the character to be input belongs, and displays the keypad in the group on a small screen with no more than 10 keypads, so that the size of the keypad can be enlarged more than twice compared to the existing method, and the location is randomly placed, hence location of the touch attacks can be blocked.