• Journal of Korea Multimedia Society
• /
• v.17 no.10
• /
• pp.1198-1204
• /
• 2014

Most of vaccine type security solutions detect intrusion of computer virus or malicious code. However, they almost don't have functionalities of the information leakage detection. In particular, information leakage through keylogging attact cannot be detected. In this paper, we design and implement a solution to detect the leakage of information through keylogging attact. Proposed solution detects the user-specified information in real time. To detect the leakage of user-specified information, the solution extracts the payload field from each outbound packet and compares with user-specified information. We design the solution to reduce the effect on the packet transmission delay time due to packet monitoring operation. And we design a simple user interface. By proposed solution, user can response to intrusion or information leakage immediately because he or she can perceives a leakage of information in real time.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2010.04a
• /
• pp.774-777
• /
• 2010

키로깅(Keylogging) 방지를 위한 입력방식은 무작위로 배열된 숫자나 문자를 마우스로 선택하는 가상 키보드가 주로 사용되고 있다. 그런데 무작위로 배열된 숫자나 문자는 순차적인 배열에 비해 가시성이 떨어지므로 사용자의 입력시간이 지연되어 사용하기 불편하다는 단점이 있다. 이에 본 논문에서는 숫자나 문자를 순차적으로 배열하여 사용자가 쉽게 인식할 수 있는 시각적 추상화 방법을 기반으로 하는 회전형 가상키보드 시스템(Rotary-type Virtual Keyboard System; R-VKS)을 제안한다. 제안하는 R-VKS는 기술적 측면에서 키로깅이나 마우스 커서 위치추적 등의 악성코드로부터 안전한 특성을 갖고, 공간 지각적 측면에서 사용자의 가시성을 높여 입력시간을 단축하는 효과가 있다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2012.11a
• /
• pp.1080-1083
• /
• 2012

최근 많은 스마트 디바이스의 보급으로 언제 어디서든지 모바일 네트워크를 통해 인터넷을 사용할 수 있게 되었으며, 단말이 가지는 자원 및 컴퓨팅 파워의 한계에 따라 모바일 클라우드 서비스에 대한 관심이 폭발적으로 증가하고 있다. 하지만 모바일 클라우드 서비스는 그 환경에 따라 사용자 단말에서 나타나는 보안위협과 클라우드 환경에서의 보안위협이 복합적으로 나타나게 된다. 모바일 클라우드 환경에서의 보안위협 중 사용자 단말 영역에서의 키로깅 공격으로부터 사용자 입력정보를 보호하기 위한 기존의 가상키보드를 비교 분석하였다. 본 논문에서는 기존에 사용되고 있는 가상키보드의 확률적 분석을 통한 키 유추 가능성을 보완하기 위해 보안성이 강화된 새로운 형태의 가상키보드를 제안한다.

• The Journal of the Korea Contents Association
• /
• v.17 no.7
• /
• pp.571-578
• /
• 2017

In order to approach information system through smart device and pc, user has to authenticate him or herself via user authentication. At that time when user tries reaching the system, well-used user authentication technologies are ID/PW base, OTP, certificate, security card, fingerprint, etc. The ID/PWbased method is familiar to users, however, it is vulnerable to brute force cracking, keylogging, dictionary attack. so as to protect these attacks, user has to change the passwords periodically as per password combination instructions. In this paper, we designed and implemented a user authentication system using smartphone's USIM without using password while enhancing security than existing ID / PW based authentication technology.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.3
• /
• pp.603-613
• /
• 2015

Smart-phone Applications are consists of UI(User Interface). During using applications, UI events such as button click and scroll down are transmitted to Smart-phone system with many changes of UI. In these UI events, various information including user-input data are also involved. While Keylogging, which is a well-known user-input data acquisition technique, is needed a restrictive condition like rooting to obtain the user-input data in android environment, UI events have advantage which can be easily accessible to user-input data on user privileges. Although security solutions based keypad in several applications are applied, we demonstrate that these were exposed to vulnerability of application security and could be obtained user-input data using UI events regardless of presence of any security system. In this paper, we show the security threats related information disclosure using UI events and suggest the alternative countermeasures by showing the replay-attack example based scenarios.

• Journal of Practical Engineering Education
• /
• v.15 no.3
• /
• pp.641-647
• /
• 2023

In the fintech environment, ensuring secure financial transactions with smartphones requires authenticating the device owner. Smartphone authentication techniques encompass a variety of approaches, such as passwords, biometrics, SMS authentication, and more. Among these, password-based authentication is commonly used and highly convenient for user authentication. Although it is a simple authentication mechanism, it is susceptible to eavesdropping and keylogging attacks, alongside other threats. Security keypads have been proposed to address vulnerabilities in password input on smartphones. One such innovation is a group keypad, resistant to attacks that guess characters based on touch location. However, improvements are needed for user convenience. In this study, we aim to propose a method that enhances convenience while being resistant to eavesdropping and recording attacks on the existing group keypad. The proposed method uses new signs to allow users to verify instead of the last character confirmation easily and employs dragging-to-touch for blocking recording attacks. We suggest diverse positioning methods tailored for domestic users, improving efficiency and security in password input compared to existing methods.