• Title/Summary/Keyword: Security Keypads

Search Result 12, Processing Time 0.021 seconds

An Analysis on the Vulnerability of Secure Keypads for Mobile Devices (모바일 기기를 위한 보안 키패드의 취약점 분석)

  • Lee, Yunho
    • Journal of Internet Computing and Services
    • /
    • v.14 no.3
    • /
    • pp.15-21
    • /
    • 2013
  • Due to the widespread propagation of mobile platforms such as smartphones and tablets, financial and e-commercial transactions based on these mobile platforms are growing rapidly. Unlike PCs, almost all mobile platforms do not provide physical keyboards or mice but provide virtual keypads using touchscreens. For this reason, an attacker attempts to obtain the coordinates of touches on the virtual keypad in order to get actual key values. To tackle this vulnerability, financial applications for mobile platforms use secure keypads, which change position of each key displayed on the virtual keypad. However, these secure keypads cannot protect users' private information more securely than the virtual keypads because each key has only 2 or 3 positions and moreover its probability distribution is not uniform. In this paper, we analyze secure keypads used by the most financial mobile applications, point out the limitation of the previous research, and then propose a more general and accurate attack method on the secure keypads.

Virtual Keypads based on Tetris with Resistance for Attack using Location Information (위치정보로 비밀정보를 유추할 수 있는 공격에 내성이 있는 테트리스 형태 기반의 보안 키패드)

  • Mun, Hyung-Jin
    • Journal of the Korea Convergence Society
    • /
    • v.8 no.6
    • /
    • pp.37-44
    • /
    • 2017
  • Mobile devices provide various services through payment and authentication by inputting important information such as passwords on the screen with the virtual keypads. In order to infer the password inputted by the user, the attacker captures the user's touch location information. The attacker is able to infer the password by using the location information or to obtain password information by peeping with Google Glass or Shoulder Surfing Attack. As existing secure keypads place the same letters in a set order except for few keys, considering handy input, they are vulnerable to attacks from Google Glass and Shoulder Surfing Attack. Secure keypads are able to improve security by rearranging various shapes and locations. In this paper, we propose secure keypads that generates 13 different shapes and sizes of Tetris and arranges keypads to be attached one another. Since the keypad arranges different shapes and sizes like the game, Tetris, for the virtual keypad to be different, it is difficult to infer the inputted password because of changes in size even though the attacker knows the touch location information.

Proposal and Implementation of Security Keypad with Dual Touch (이중 터치를 이용한 보안 키패드 제안 및 구현)

  • Song, Jinseok;Jung, Myung-Woo;Choi, Jung-In;Seo, Seung-Hyun
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.7 no.3
    • /
    • pp.73-80
    • /
    • 2018
  • Due to the popularity of smartphones and the simplification of financial services, the number of mobile financial services is increasing. However, the security keypads developed for existing financial services are susceptible to probability analysis attacks and have security vulnerabilities. In this paper, we propose and implement a security keypad based on dual touch. Prior to the proposal, we examined the existing types of security keypads used in the mobile banking and mobile payment systems of Korean mobile financial businesses and analyzed the vulnerabilities. In addition, we compared the security of the proposed dual touch keypad as well as existing keypads using the authentication framework and the existing keypad attack types (Brute Force Attack, Smudge Attack, Key Logging Attack, and Shoulder Surfing Attack, Joseph Bonneau). Based on the results, we can confirm that the proposed security keypad with dual touch presented in this paper shows a high level of security. The security keypad with dual touch can provide more secure financial services, and it can be applied to other mobile services to enhance their security.

1.5-factor Authentication Method using Secure Keypads and Biometric Authentication in the Fintech (핀테크 환경에서 보안 키패드와 생체인증을 이용한 1.5-factor 인증 기법)

  • Mun, Hyung-Jin
    • Journal of Industrial Convergence
    • /
    • v.20 no.11
    • /
    • pp.191-196
    • /
    • 2022
  • In the fintech field, financial transactions with smart phones are actively conducted. User authentication technology is essential for safe financial transactions. PIN authentication through the existing security keypads is convenient to input but has weaknesses in security and others. The biometric authentication technique is secure, but there is a possibility of false positive and false negative authentication. To compensate for this, two-factor authentication is used. In this paper, we propose the 1.5-factor authentication that can increase convenience and security through PIN input with biometric authentication. It provides the stability of fingerprint authentication and convenience of two or three PIN inputs, and this makes safe financial transaction possible. Since biometric authentication is performed at the same time when entering PIN, while security is required by applying fingerprint authentication to the area touched while entering PIN. The User authentication is performed while ensuring convenience to input through additional PIN input in situations where high safety is required, and Safe financial transactions are possible.

A Study on the Vulnerability of Security Keypads in Android Mobile Using Accessibility Features (안드로이드 접근성(Accessibility) 기능을 이용한 보안키패드의 취약점 공격 및 대응 방안)

  • Lee, Jung-Woong;Kim, In-Seok
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.1
    • /
    • pp.177-185
    • /
    • 2016
  • As the fintech industry is growing at an incredible rate, mobile phones are positioned as the most important tool for financial transaction. However, with a rising number of malware applications, the types of attack and illegal access to mobile device are becoming more diverse and sophisticated. This paper studies the potential keylogger attack by exploiting the Accessibility Service in Android framework. This type of attack allows the malicious individual to use keylogger on the victim's Android mobile phone to steal passwords during mobile financial transaction regardless of security keypad setting. Lastly the paper proposes solutions to counter these types of attack by verifying the accessibility usage and amending the application guideline for accessibility.

Design of an Enhanced Group Keypad to Prevent Shoulder-Surfing Attacks and Enable User Convenience (어깨 너머 공격을 차단하고 사용 편의성이 가능한 개선된 그룹 키패드 설계)

  • Hyung-Jin Mun
    • Journal of Practical Engineering Education
    • /
    • v.15 no.3
    • /
    • pp.641-647
    • /
    • 2023
  • In the fintech environment, ensuring secure financial transactions with smartphones requires authenticating the device owner. Smartphone authentication techniques encompass a variety of approaches, such as passwords, biometrics, SMS authentication, and more. Among these, password-based authentication is commonly used and highly convenient for user authentication. Although it is a simple authentication mechanism, it is susceptible to eavesdropping and keylogging attacks, alongside other threats. Security keypads have been proposed to address vulnerabilities in password input on smartphones. One such innovation is a group keypad, resistant to attacks that guess characters based on touch location. However, improvements are needed for user convenience. In this study, we aim to propose a method that enhances convenience while being resistant to eavesdropping and recording attacks on the existing group keypad. The proposed method uses new signs to allow users to verify instead of the last character confirmation easily and employs dragging-to-touch for blocking recording attacks. We suggest diverse positioning methods tailored for domestic users, improving efficiency and security in password input compared to existing methods.

Implementation of Secure Keypads based on Tetris-Form Protection for Touch Position in the Fintech (핀테크에서 터치 위치 차단을 위한 테트리스 모양의 보안 키패드의 구현)

  • Mun, Hyung-Jin;Kang, Sin-Young;Shin, ChwaCheol
    • Journal of Convergence for Information Technology
    • /
    • v.10 no.8
    • /
    • pp.144-151
    • /
    • 2020
  • User-authentication process is necessary in Fintech Service. Especially, authentication on smartphones are carried out through PIN which is inputted through virtual keypads on touch screen. Attacker can analogize password by watching touched letter and position over the shoulder or using high definition cameras. To prevent password spill, various research of virtual keypad techniques are ongoing. It is hard to design secure keypad which assures safety by fluctuative keypad and enhance convenience at once. Also, to reconfirm user whether password is wrongly pressed, the inputted information is shown on screen. This makes the password easily exposed through high definition cameras or Google Class during recording. This research analyzed QWERTY based secure keypad's merits and demerits. And through these features, creating Tetris shaped keypad and piece them together on Android environment, and showing inputted words as Tetris shape to users through smart-screen is suggested for the ways to prevent password spill by recording.

Design for Position Protection Secure Keypads based on Double-Touch using Grouping in the Fintech (핀테크 환경에서 그룹핑을 이용한 이중 터치 기반의 위치 차단이 가능한 보안 키패드 설계)

  • Mun, Hyung-Jin
    • Journal of Convergence for Information Technology
    • /
    • v.12 no.3
    • /
    • pp.38-45
    • /
    • 2022
  • Due to the development of fintech technology, financial transactions using smart phones are being activated. The password for user authentication during financial transactions is entered through the virtual keypad displayed on the screen of the smart phone. When the password is entered, the attacker can find out the password by capturing it with a high-resolution camera or spying over the shoulder. A virtual keypad with security applied to prevent such an attack is difficult to input on a small touch-screen, and there is still a vulnerability in peeping attacks. In this paper, the entire keypad is divided into several groups and displayed on a small screen, touching the group to which the character to be input belongs, and then touching the corresponding character within the group. The proposed method selects the group to which the character to be input belongs, and displays the keypad in the group on a small screen with no more than 10 keypads, so that the size of the keypad can be enlarged more than twice compared to the existing method, and the location is randomly placed, hence location of the touch attacks can be blocked.

Design of a Secure Keypads to prevent Smudge Attack using Fingerprint Erasing in Mobile Devices (모바일 단말기에서 지문 지우기를 활용한 스머지 공격 방지를 위한 보안 키패드 설계)

  • Hyung-Jin, Mun
    • Journal of Industrial Convergence
    • /
    • v.21 no.2
    • /
    • pp.117-123
    • /
    • 2023
  • In the fintech environment, Smart phones are mainly used for various service. User authentication technology is required to use safe services. Authentication is performed by transmitting authentication information to the server when the PIN or password is entered and touch the button completing authentication. But A post-attack is possible because the smudge which is the trace of using screen remains instead of recording attack with a camera or SSA(Shoulder Surfing Attack). To prevent smudge attacks, users must erase their fingerprints after authentication. In this study, we proposed a technique to determine whether to erase fingerprints. The proposed method performed erasing fingerprint which is the trace of touching after entering PIN and designed the security keypads that processes instead of entering completion button automatically when determined whether the fingerprint has been erased or not. This method suggests action that must erase the fingerprint when entering password. By this method, A user must erase the fingerprint to complete service request and can block smudge attack.

A Study on the attack technique using android UI events (안드로이드 UI 이벤트를 이용한 공격 기법 연구)

  • Yoon, Seok-Eon;Kim, Min-Sung;Lee, Sang-jin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.3
    • /
    • pp.603-613
    • /
    • 2015
  • Smart-phone Applications are consists of UI(User Interface). During using applications, UI events such as button click and scroll down are transmitted to Smart-phone system with many changes of UI. In these UI events, various information including user-input data are also involved. While Keylogging, which is a well-known user-input data acquisition technique, is needed a restrictive condition like rooting to obtain the user-input data in android environment, UI events have advantage which can be easily accessible to user-input data on user privileges. Although security solutions based keypad in several applications are applied, we demonstrate that these were exposed to vulnerability of application security and could be obtained user-input data using UI events regardless of presence of any security system. In this paper, we show the security threats related information disclosure using UI events and suggest the alternative countermeasures by showing the replay-attack example based scenarios.