• Title/Summary/Keyword: Shoulder-surfing Attack

Search Result 42, Processing Time 0.019 seconds

A Study of User Behavior Recognition-Based PIN Entry Using Machine Learning Technique (머신러닝을 이용한 사용자 행동 인식 기반의 PIN 입력 기법 연구)

  • Jung, Changhun;Dagvatur, Zayabaatar;Jang, RhongHo;Nyang, DaeHun;Lee, KyungHee
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.7 no.5
    • /
    • pp.127-136
    • /
    • 2018

  • In this paper, we propose a PIN entry method that combines with machine learning technique on smartphone. We use not only a PIN but also touch time intervals and locations as factors to identify whether the user is correct or not. In the user registration phase, a remote server was used to train/create a machine learning model using data that collected from end-user device (i.e. smartphone). In the user authentication phase, the pre-trained model and the saved PIN was used to decide the authentication success or failure. We examined that there is no big inconvenience to use this technique (FRR: 0%) and more secure than the previous PIN entry techniques (FAR : 0%), through usability and security experiments, as a result we could confirm that this technique can be used sufficiently. In addition, we examined that a security incident is unlikely to occur (FAR: 5%) even if the PIN is leaked through the shoulder surfing attack experiments.

  • https://doi.org/10.3745/KTCCS.2018.7.5.127 인용 PDF

The Secure Password Authentication Method based on Multiple Hash Values that can Grant Multi-Permission to a Single Account (단수 계정에 다중 권한 부여가 가능한 다중 해시값 기반의 안전한 패스워드 인증 기법 설계)

  • Hyung-Jin Mun
    • Journal of Industrial Convergence
    • /
    • v.21 no.9
    • /
    • pp.49-56
    • /
    • 2023

  • ID is used as identifying information and password as user authentication for ID-based authentication. In order to have a secure user authentication, the password is generated as a hash value on the client and sent to the server, where it is compared with the stored information and authentication is performed. However, if even one character is incorrect, the different hash value is generated, authentication will be failed and cannot be performed and various functions cannot be applied to the password. In this study, we generate several hash value including imaginary number of entered password and transmit to server and perform authentcation. we propose a technique can grants the right differentially to give various rights to the user who have many rights by one account. This can defend shoulder surfing attack by imaginary password and provide convenience to users who have various rights by granting right based on password.

  • https://doi.org/10.22678/JIC.2023.21.9.049 인용 PDF