• Journal of the Korea Convergence Society
• /
• v.8 no.6
• /
• pp.37-44
• /
• 2017

Mobile devices provide various services through payment and authentication by inputting important information such as passwords on the screen with the virtual keypads. In order to infer the password inputted by the user, the attacker captures the user's touch location information. The attacker is able to infer the password by using the location information or to obtain password information by peeping with Google Glass or Shoulder Surfing Attack. As existing secure keypads place the same letters in a set order except for few keys, considering handy input, they are vulnerable to attacks from Google Glass and Shoulder Surfing Attack. Secure keypads are able to improve security by rearranging various shapes and locations. In this paper, we propose secure keypads that generates 13 different shapes and sizes of Tetris and arranges keypads to be attached one another. Since the keypad arranges different shapes and sizes like the game, Tetris, for the virtual keypad to be different, it is difficult to infer the inputted password because of changes in size even though the attacker knows the touch location information.

• Journal of Korea Multimedia Society
• /
• v.25 no.7
• /
• pp.932-944
• /
• 2022

Smartphones, are currently equipped with high-performance hardware to process large amounts of data and provide most of the functions provided by desktop PCs. In addition, the smartphones enable quick user authentication through biometric information collected from embedded sensors. However, the biometric authentication method is sometimes rejected due to social and cultural environment, security vulnerabilities, and misrecognition rate. Thus, conventional authentication methods such as PIN and pattern authentication are still mainly used. Consider the latest foldable and bendable smartphones. These devices may be vulnerable to social engineering attacks as they use conventional authentication methods without considering their form factors. In this study, therefore, we propose an authentication method using partial elements of PIN and pattern authentication as a way to increase the security of the conventional authentication methods and consider the recent form factors. According to the performance evaluation results, our method provides improved safety compared to the conventional methods.

• Journal of the Ergonomics Society of Korea
• /
• v.35 no.6
• /
• pp.569-580
• /
• 2016

Objective: This study aims to identify the most effective keyboard layout in the area of performance for securing usability in a smart watch-using environment and to verify the usability of touch keyboard calibrated by hand. Background: It is necessary to understand the environmental characteristics in using the smart watch and to secure the usability of touch keyboard based on this understanding in order to take account of the users who use the touch screen in the extreme input conditions caused by the small screen of a smart watch. Method: 30 participants in this study were required to input characters using the QWERTY keyboard and 3x4 keypad (Naratgul, Chunjiin), which were familiar with them, in order to grasp the keyboard layout suitable in the smart watch- using environment; the performance (error rate, performance time) of this case was measured. In addition, 30 participants in this study were required to input the characters setting the QWERTY keyboard with calibrated touch area and the one with uncalibrated touch area, based on the characteristics of touch behavior, by finger typing the keyboard, with the performance (error rate and performance time) of this case measured. Results: QWERTY keyboard (93.3sec) is found to be 31.2% faster than Naratgul keyboard, a kind of 3x4 keypad, and 43.6% faster than Chunjiin keyboard, in the area of efficiency, in the results of the usability evaluation regarding the keyboard layout. QWERTY keyboard with calibrated touch area (7.5%) is found to be 23.5% improved compared to the QWERTY keyboard with uncalibrated touch area (9.8%) in the area of accuracy (error rate). The results of the usability evaluation regarding the QWERTY keyboard with touch area calibrated by finger typing the keyboard and QWERTY keyboard with calibrated touch area (80.7sec) is found to be 5.7% improved compared to QWERTY keyboard with uncalibrated touch area (85.6sec) in the area of efficiency (performance time). Conclusion: QWERTY keyboard is found to have an effective layout in the area of efficiency in the smart watch-using environment, and its improved usability is verified in the areas of accuracy and efficiency in the QWERTY keyboard with a touch area calibrated by finger typing the keyboard. Application: The results of this study may be used to set up the basic touch keyboard of the smart watch. The input usability is expected to secure the smart watch-using environment, which is an extreme input condition by applying QWERTY keyboard with touch area calibrated by finger typing the keyboard.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.3
• /
• pp.603-613
• /
• 2015

Smart-phone Applications are consists of UI(User Interface). During using applications, UI events such as button click and scroll down are transmitted to Smart-phone system with many changes of UI. In these UI events, various information including user-input data are also involved. While Keylogging, which is a well-known user-input data acquisition technique, is needed a restrictive condition like rooting to obtain the user-input data in android environment, UI events have advantage which can be easily accessible to user-input data on user privileges. Although security solutions based keypad in several applications are applied, we demonstrate that these were exposed to vulnerability of application security and could be obtained user-input data using UI events regardless of presence of any security system. In this paper, we show the security threats related information disclosure using UI events and suggest the alternative countermeasures by showing the replay-attack example based scenarios.