• 한국멀티미디어학회논문지
• /
• 제25권7호
• /
• pp.932-944
• /
• 2022

Smartphones, are currently equipped with high-performance hardware to process large amounts of data and provide most of the functions provided by desktop PCs. In addition, the smartphones enable quick user authentication through biometric information collected from embedded sensors. However, the biometric authentication method is sometimes rejected due to social and cultural environment, security vulnerabilities, and misrecognition rate. Thus, conventional authentication methods such as PIN and pattern authentication are still mainly used. Consider the latest foldable and bendable smartphones. These devices may be vulnerable to social engineering attacks as they use conventional authentication methods without considering their form factors. In this study, therefore, we propose an authentication method using partial elements of PIN and pattern authentication as a way to increase the security of the conventional authentication methods and consider the recent form factors. According to the performance evaluation results, our method provides improved safety compared to the conventional methods.

• 대한인간공학회지
• /
• 제35권6호
• /
• pp.569-580
• /
• 2016

Objective: This study aims to identify the most effective keyboard layout in the area of performance for securing usability in a smart watch-using environment and to verify the usability of touch keyboard calibrated by hand. Background: It is necessary to understand the environmental characteristics in using the smart watch and to secure the usability of touch keyboard based on this understanding in order to take account of the users who use the touch screen in the extreme input conditions caused by the small screen of a smart watch. Method: 30 participants in this study were required to input characters using the QWERTY keyboard and 3x4 keypad (Naratgul, Chunjiin), which were familiar with them, in order to grasp the keyboard layout suitable in the smart watch- using environment; the performance (error rate, performance time) of this case was measured. In addition, 30 participants in this study were required to input the characters setting the QWERTY keyboard with calibrated touch area and the one with uncalibrated touch area, based on the characteristics of touch behavior, by finger typing the keyboard, with the performance (error rate and performance time) of this case measured. Results: QWERTY keyboard (93.3sec) is found to be 31.2% faster than Naratgul keyboard, a kind of 3x4 keypad, and 43.6% faster than Chunjiin keyboard, in the area of efficiency, in the results of the usability evaluation regarding the keyboard layout. QWERTY keyboard with calibrated touch area (7.5%) is found to be 23.5% improved compared to the QWERTY keyboard with uncalibrated touch area (9.8%) in the area of accuracy (error rate). The results of the usability evaluation regarding the QWERTY keyboard with touch area calibrated by finger typing the keyboard and QWERTY keyboard with calibrated touch area (80.7sec) is found to be 5.7% improved compared to QWERTY keyboard with uncalibrated touch area (85.6sec) in the area of efficiency (performance time). Conclusion: QWERTY keyboard is found to have an effective layout in the area of efficiency in the smart watch-using environment, and its improved usability is verified in the areas of accuracy and efficiency in the QWERTY keyboard with a touch area calibrated by finger typing the keyboard. Application: The results of this study may be used to set up the basic touch keyboard of the smart watch. The input usability is expected to secure the smart watch-using environment, which is an extreme input condition by applying QWERTY keyboard with touch area calibrated by finger typing the keyboard.

• 정보보호학회논문지
• /
• 제25권3호
• /
• pp.603-613
• /
• 2015

스마트폰 어플리케이션은 UI(User Interface)로 구성되어 있다. 버튼 클릭, 화면 스크롤 등 사용자가 어플리케이션을 사용하는 과정 중 많은 UI의 변화가 발생하면서 UI 이벤트가 시스템에 전송된다. 이러한 UI 이벤트에는 다양한 정보가 포함되어 있는데, 사용자 입력과 관련된 정보도 함께 포함되어 있다. 안드로이드 환경에서 키로깅 등 기존의 알려진 입력정보 획득 기법은 루팅과 같은 제한적인 환경을 필요로 했으나, UI 이벤트는 일반권한만으로도 접근이 가능하다는 장점이 있다. 또한, 입력정보 보호를 위해 많은 어플리케이션에서 보안키패드를 적용 중에 있으나, 이와는 관계없이 UI 이벤트를 활용한 기법을 통해 입력정보 획득이 가능하다는 것이 실험을 통해 조사되었다. 본 논문에서는 UI 이벤트를 활용한 사용자 입력정보 유출 위협을 증명하고, 이를 응용하여 시나리오를 기반으로 재생공격(Replay Attack)이 가능함을 보이면서 대응 방안을 제시하도록 한다.