• KIPS Transactions on Computer and Communication Systems
• /
• v.7 no.3
• /
• pp.73-80
• /
• 2018

Due to the popularity of smartphones and the simplification of financial services, the number of mobile financial services is increasing. However, the security keypads developed for existing financial services are susceptible to probability analysis attacks and have security vulnerabilities. In this paper, we propose and implement a security keypad based on dual touch. Prior to the proposal, we examined the existing types of security keypads used in the mobile banking and mobile payment systems of Korean mobile financial businesses and analyzed the vulnerabilities. In addition, we compared the security of the proposed dual touch keypad as well as existing keypads using the authentication framework and the existing keypad attack types (Brute Force Attack, Smudge Attack, Key Logging Attack, and Shoulder Surfing Attack, Joseph Bonneau). Based on the results, we can confirm that the proposed security keypad with dual touch presented in this paper shows a high level of security. The security keypad with dual touch can provide more secure financial services, and it can be applied to other mobile services to enhance their security.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.23 no.9
• /
• pp.1152-1159
• /
• 2019

The Nintendo Switch(NSW), which appeared as an 8th generation console, has succeeded worldwide as a hybrid gaming console. The NSW has E-shop itself, users can sign in to their account and purchase games. The keypad built in the NSW is similar to QWERTY keyboard. In the password input field the input information is hidden, but it's possible to get the value entered from the keypad with shoulder surfing attack. Because of the NSW with many party or family games, there is a high probability that someone else is watching the screen nearby, which acts as a vulnerability in account security. Thus we designed the new keypad which improve from this issue. In this paper, we check the problem about the keypad which built in the NSW, we present the proposed keypad and the compared to the built in keypad by showing the test result of unspecified individuals use.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.731-742
• /
• 2017

For all the various cryptographic techniques related to security, social technological attacks such as a shoulder surfing are infeasible to block off completely. Especially, the attacks are executed against financial facilities such as automated teller machine(ATM) which are located in public areas. Furthermore, online financial services whose rate of task management is consistently increasing are vulnerable to a shoulder surfing, smudge attacks, and key stroke inference attacks with google glass behind the convenience of ubiquitous business transactions. In this paper, we show that the security of ATM and internet banking can be reinforced against a shoulder surfing by using One-Time Keypad(OTK) and compare the security of OTK with those of ordinary keypad and One-Time Password(OTP).

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.10 no.2
• /
• pp.107-120
• /
• 2014

In this paper, we suggest a soft keyboard, called easy keypad, that we use only for login information input in smart devices. Especially, as easy keypad is applied to MTS(Mobile Trading System) we suggest easy keypad in MTS. Easy keypad UI in MTS represents 20 letters and users input login information by using 20 letters. We suggest protocol which decides letters represented in easy keypad UI, which is code for users to input login information by using 20 letters. We analyze easy keypad's safe degree for soft keyboard security threat, especially when it comes to point hacking, we suggest comparison among original soft keyboard's safe degree. Also we suggest mathematical fomula for measuring soft keyboard's convenience and then we analyze the result of soft keyboard's convenience by the presented mathematical formula.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.1
• /
• pp.41-47
• /
• 2016

In Black hat USA 2014, a hacking method to infer the password entry of smartphone or smartpad with google glass in distance is presented. In this paper, we design the secure keypad to protect the key stroke inference attacks with google glass which has unique layout ensuring same input entry but different input value.

• Journal of Korea Multimedia Society
• /
• v.19 no.8
• /
• pp.1395-1403
• /
• 2016

In recent years, researches of security threats reported that various types of social engineering attack were frequently observed. In this paper, we propose secure keypad scheme for mobile devices. In our scheme, every edge of keypad is linked each other, and it looks like a sphere. With this keypad, users input their password using pre-selected grid pointer. Because of circulation of the keypad layout, even though the attacker snatch the user password typing motion through the human eyes or motion capture devices, attacker do not estimate the original password. Moreover, without the information of grid pointer position, the attacker do not acquire original password. Therefore, our scheme is resistant to password guessing attack.

• Journal of Industrial Convergence
• /
• v.22 no.2
• /
• pp.63-71
• /
• 2024

Conventional methods like PIN used in conventional smartphone form factor have not considered the variation in display structure or screen size. As a result, when applied to recent variable display-based smartphones, the secret information input unit may get reduced or enlarged, leading to vulnerabilities for social engineering attacks due to deformation of the display area. This study proposes a secure keypad that responds to changes in display size in rollable and bendable smart phones. Firstly, the security problems that may arise when applying classical authentication methods to new form factors were analyzed, and corresponding security requirements were derived. The proposed security keypad addresses the key input error problem that can occur when the screen size is small. The arrangement and size of keys can be deformed with the spacing suitable for input depending on the display size of rollable and bendable smartphones. The study also considered the problem of leaking input information for social engineering attacks by irregularly distributing key input coordinates. The proposed method provides better user experience and security than existing methods and can be used in smartphones of various sizes and shapes.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.23 no.5
• /
• pp.613-621
• /
• 2019

In the case of door locks most widely used in the market, the most used area as a one-dimensional problem is worn out, and a worn area which does not use a special attack method enables password guessing. To solve this problem, various methods such as a keypad for randomly displaying numbers are introduced, but this is also not completely safe. The common feature of all the solutions so far is that the keypad area is fixed. In this paper, we consider that point in reverse and create a new area smaller than the entire area in the entire area of the keypad, making the keypad of the new area move randomly, thereby preventing the password from being deduced. When using this technique, a new type of keypad is proposed for the first time because of the impossibility of a shoulder surfing attack even though the number of keypad is left as it is.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.18 no.12
• /
• pp.2899-2910
• /
• 2014

In this paper, we present method that verifies the validity of inputted message rather than showing last character on virtual keyboard. This encrypts password and valid input only can receive right feedback. This is implemented on Android phone and tested. This shows higher security than former method by 68.23% and accuracy shows 100%. This secure keypad is practical and secure so this can replace current input keypad without difficulty.

• Journal of Korea Multimedia Society
• /
• v.23 no.6
• /
• pp.738-746
• /
• 2020

In this paper, we propose an indirect PIN entry method that provides enhanced security against smudge, recording, and thermal attacks. Conventional mobile PIN entry methods use on-screen numeric keypad for both use of display and entry. Thus These methods are vulnerable to aforementioned attacks. In our method, passcode is same as that of the conventional PIN entry methods, and that is user-friendly way for mobile device users. Therefore, our method does not reduce user convenience which is one of the advantages of the conventional methods. In addition, our method is not a method of directly touching the on-screen numeric keypad for entering passcode like the conventional PIN methods. Unlike the conventional methods, our method uses an indirect passcode entry method that applied a passcode indicating key. According to the performance comparison result, proposed method provides user convenience similar to the conventional methods, and also provides a higher level of security and safety against recording, smudge, and thermal attacks than the conventional methods.