• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.4
• /
• pp.545-558
• /
• 2020

The gaze-based input provides feedback to confirm that the typing is correct when the user types the text. Many studies have already demonstrated that feedback can increase the usability of gaze-based inputs. However, because the information of the typed text is revealed through feedback, it can be a target for shoulder-surfing attacks. Appropriate feedback needs to be used to improve security without compromising the usability of the gaze-based input using the original feedback. In this paper, we propose a new gaze-based input method, FFI(Fake Flickering Interface), to resist shoulder-surfing attacks. Through experiments and questionnaires, we evaluated the usability and security of the FFI compared to the gaze-based input using the original feedback.

• Journal of the Korea Convergence Society
• /
• v.8 no.6
• /
• pp.37-44
• /
• 2017

Mobile devices provide various services through payment and authentication by inputting important information such as passwords on the screen with the virtual keypads. In order to infer the password inputted by the user, the attacker captures the user's touch location information. The attacker is able to infer the password by using the location information or to obtain password information by peeping with Google Glass or Shoulder Surfing Attack. As existing secure keypads place the same letters in a set order except for few keys, considering handy input, they are vulnerable to attacks from Google Glass and Shoulder Surfing Attack. Secure keypads are able to improve security by rearranging various shapes and locations. In this paper, we propose secure keypads that generates 13 different shapes and sizes of Tetris and arranges keypads to be attached one another. Since the keypad arranges different shapes and sizes like the game, Tetris, for the virtual keypad to be different, it is difficult to infer the inputted password because of changes in size even though the attacker knows the touch location information.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.1
• /
• pp.77-84
• /
• 2011

While The passwords that combined with characters and numbers are easy to memorize and use, they have low complexity. Therefore they can easily be revealed by the shoulder-surfing attack when they are inputted through the input devices such like keyboard. To overcome these problems, many new authentication schemes, which change the user secret different form or let users input their secrets through the more complex manners, have been suggested, but it is still hard to find the balanced point between usability and security. S3PAS is one of well-known schemes which had both usability and security against shoulder-surfing attack. However, this scheme was not considered about intersection attack that the attacker tried to pass the authentication system after observing several authentication sessions. In this paper, we consider the security problem of S3PAS; what the attacker can do when he can observe the authentication sessions in several times. We confirm it through user study and experiments. And also we consider the alternative that overcomes the problem.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.5
• /
• pp.175-188
• /
• 2009

Besides the passwords have low complexity, they can easily be revealed by the shoulder-surfing attack when they are inputted through the input devices such like keyboard. To overcome these problems, many new authentication schemes, which change the user secret different form or let users input their secrets through the more complex manners, have been suggested, but it is still hard to find the balanced point between usability and security. In this paper, we introduce a new authentication scheme that use the traditional alpha-numeric password as user secret based on operation of them on matrix. We show the security strength of our proposal through the analyses in the various aspects and confirm the difficulty that users feel from our proposal through the user study.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.383-395
• /
• 2017

Brainwave-based user authentication technology has advantages such as changeability, shoulder-surfing resistance, and etc. comparing with conventional biometric authentications, fingerprint recognition for instance which are widely used for smart phone and finance user authentication. Despite these advantages, brainwave-based authentication technology has not been used in practice because of the price for EEG (electroencephalography) collecting devices and inconvenience to use those devices. However, according to the development of simple and convenient EEG collecting devices which are portable and communicative by the recent advances in hardware technology, relevant researches have been actively performed. However, according to the experiment based on EEG samples collected by using a single-channel EEG measurement device which is the most simplified one, the authentication accuracy decreases as the number of channels to measure and collect EEG decreases. Therefore, in this paper, we analyze technical problems that need to be solved for practical use of brainwave-based use authentication and propose an incremental elimination method of collected EEG samples for each user to consist a set of EEG samples which are effective to authentication users.