• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.12
• /
• pp.525-532
• /
• 2013

Recently smartphones, tablet, etc. Various types of smart terminal is due to the increased security in mobile devices are becoming an issue. How to enter the password in this environment is a very important issue. Difficult to have a secure password input device on various types of mobile devices. In addition you enter on the touch screen the password of character, uncomfortable and it is vulnerable to SSA attack. Therefore, in this paper provide for defense the SSA(Shoulder Surfing Attacks) and useful password input mechanism is proposed with Smartphone GPS uses a value generated via a graphical password techniques.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.23 no.11
• /
• pp.1471-1477
• /
• 2019

Currently, there are various security methods in smart phone. Among them, pin number and pattern lock were used long as they were used from early smart phone. However, security is weak that much. The security of pin number is slightly high, but the security of conventional pattern lock remains moderate. However, the conventional pattern lock is still used by several people because of convenience. This is because some users' smart phones don't support biometric security. The most convenient security method for devices that don't support biometric security is pattern lock. However, this method is vulnerable to shoulder surfing attack and smudge attack. Therefore, we introduce random pattern lock that solves the vulnerability of the conventional pattern lock while maintaining the convenience of the pattern lock. This is a lock method that places each point placed on the screen in a circular shape and assigns a random number to it. Therefore, If this is introduced, It's expected to solve vulnerability.

• The KIPS Transactions:PartC
• /
• v.18C no.2
• /
• pp.71-78
• /
• 2011

Financial accidents such as password exposure of credit cards or bankbooks occur often when a password is inputted to ATM/CD(Automated Teller Machines and Cash Dispenser), so particular attention is required when inputting a password. This study suggested a method to input a password safely to prevent stealing a glance at a password in case of the use of ATM/CD. The method is that users input a password when numbers are randomly displayed and disappear not to notice the password even though someone is next to or behind the users. As methods to input a password safely, the study verified safety by dividing the methods into a test of shoulder surfing, an intuitive perspective, and a theoretical analysis. In addition, the result of implementation to apply the method to ATM/CD shows that a percentage of acquiring a password from the attack of shoulder surfing is found to be lower than an existing method, so password exposure can be prevented.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.11 no.2
• /
• pp.23-35
• /
• 2015

When people stands near someone's mobile device, it can easily be seen by others. To rephrase this, attackers use human psychology to earn personal information or credit information or other. People are exposed by social engineering attacks. It is certain that we need more than just recommendation for the security to avoid social engineering attacks. This is why I proposed this paper. In this paper, I proposed an authentication technique using NFC and Hash function to stand against social engineering attack. Proposed technique result is showing that it could prevent shoulder surfing, touch event information, spyware attack using screen capture and smudge attack which relies on detecting the oily smudges left behind by user's fingers. Besides smart phone, IPad, Galaxy tab, Galaxy note and more mobile devices has released and releasing. And also, these mobile devices usage rate is increasing widely. We need to attend these matters and study in depth.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.23 no.9
• /
• pp.1152-1159
• /
• 2019

The Nintendo Switch(NSW), which appeared as an 8th generation console, has succeeded worldwide as a hybrid gaming console. The NSW has E-shop itself, users can sign in to their account and purchase games. The keypad built in the NSW is similar to QWERTY keyboard. In the password input field the input information is hidden, but it's possible to get the value entered from the keypad with shoulder surfing attack. Because of the NSW with many party or family games, there is a high probability that someone else is watching the screen nearby, which acts as a vulnerability in account security. Thus we designed the new keypad which improve from this issue. In this paper, we check the problem about the keypad which built in the NSW, we present the proposed keypad and the compared to the built in keypad by showing the test result of unspecified individuals use.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.23 no.5
• /
• pp.622-629
• /
• 2019

VR(Virtual Reality), which provides realistic services in virtual reality, provides a similar experience using a Head Mounted Display(HMD) device. When the HMD device is worn, it can not recognize the surrounding environment and it is easy to analyze the input pattern of the user with the Shoulder Surfing Attack(SSA) when entering the Personal Identification Number(PIN). In this paper, we propose a method to safeguard the user's password even if the hacker analyzes the input pattern while maintaining the user's convenience. For the first time, we implemented a new type of virtual keypad that deviates from the existing rectangle shape according to the VR characteristics and implemented the lock object for intuitive interaction with the user. In addition, a smart glove using the same sensor as the existing input devices of the VR and a PIN input method suitable for the rotary type are implemented and the safety of the SSA is verified through experiments.

• Journal of Practical Engineering Education
• /
• v.15 no.3
• /
• pp.641-647
• /
• 2023

In the fintech environment, ensuring secure financial transactions with smartphones requires authenticating the device owner. Smartphone authentication techniques encompass a variety of approaches, such as passwords, biometrics, SMS authentication, and more. Among these, password-based authentication is commonly used and highly convenient for user authentication. Although it is a simple authentication mechanism, it is susceptible to eavesdropping and keylogging attacks, alongside other threats. Security keypads have been proposed to address vulnerabilities in password input on smartphones. One such innovation is a group keypad, resistant to attacks that guess characters based on touch location. However, improvements are needed for user convenience. In this study, we aim to propose a method that enhances convenience while being resistant to eavesdropping and recording attacks on the existing group keypad. The proposed method uses new signs to allow users to verify instead of the last character confirmation easily and employs dragging-to-touch for blocking recording attacks. We suggest diverse positioning methods tailored for domestic users, improving efficiency and security in password input compared to existing methods.

• Journal of Korea Multimedia Society
• /
• v.18 no.1
• /
• pp.71-80
• /
• 2015

Many researches have been studied to overcome the weak points in authentication schemes of mobile devices such as pattern-authentication that is vulnerable for smudge-attack. Since random-pattern-lock authenticates users by drawing figure of predefined-shape, it can be a method for robust security. However, the authentication performance of random-pattern-lock is influenced by input noise and individual characteristics sign pattern. We introduce an optimization method of user input direction to increase the authentication accuracy of random-pattern-lock. The method uses the likelihood of each direction given an data which is angles of line drawing by user. We adjusted recognition range for each direction and achieved the authentication rate of 95.60%.

• Journal of the Korea Society of Computer and Information
• /
• v.22 no.9
• /
• pp.65-71
• /
• 2017

This paper proposes a smart phone authentication method based on user's behavior and habit that is an authentication method against shoulder surfing attack and brute force attack. As smart phones evolve not only storage of personal data but also a key means of financial services, the importance of personal information security in smart phones is growing. When user authentication of smart phone, pattern authentication method is simple to use and memorize, but it is prone to leak and vulnerable to attack. Using the features of the smart phone pattern method of the user, the pressure applied when touching the touch pad with the finger, the size of the area touching the finger, and the time of completing the pattern are used as feature vectors and applied to user authentication security. First, a smart phone user models and stores three parameter values as prototypes for each section of the pattern. Then, when a new authentication request is made, the feature vector of the input pattern is obtained and compared with the stored model to decide whether to approve the access to the smart phone. The experimental results confirm that the proposed technique shows a robust authentication security using subjective data of smart phone user based on habits and behaviors.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.5
• /
• pp.175-188
• /
• 2009

Besides the passwords have low complexity, they can easily be revealed by the shoulder-surfing attack when they are inputted through the input devices such like keyboard. To overcome these problems, many new authentication schemes, which change the user secret different form or let users input their secrets through the more complex manners, have been suggested, but it is still hard to find the balanced point between usability and security. In this paper, we introduce a new authentication scheme that use the traditional alpha-numeric password as user secret based on operation of them on matrix. We show the security strength of our proposal through the analyses in the various aspects and confirm the difficulty that users feel from our proposal through the user study.