Virtual Keypads based on Tetris with Resistance for Attack using Location Information

A Tetris-shaped secure keypad resistant to attacks that infer secret information from location information

  • Mun, Hyung-Jin (Dept. of Information & Communication Engineering, Sungkyul University)
  • Published : 2017.06.28

Abstract

Mobile devices provide various services, such as payment and authentication, by having the user enter important information such as passwords on the screen through a virtual keypad. To infer the password entered by the user, an attacker captures the user's touch location information. The attacker can then infer the password from that location information, or obtain it directly by peeping with Google Glass or by a shoulder surfing attack. Because existing secure keypads place the same characters in a fixed order, except for a few keys, to keep input convenient, they are vulnerable to Google Glass and shoulder surfing attacks. A secure keypad can improve security by rearranging its keys in various shapes and locations. In this paper, we propose a secure keypad that generates 13 different Tetris shapes and sizes and arranges the keys so that they adjoin one another. Since the keypad arranges keys of different shapes and sizes as in the game Tetris, each generated virtual keypad differs, and it is difficult to infer the entered password because the key sizes change even if the attacker knows the touch location information.
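The following is an added simulation, not code from the paper, of the idea the abstract describes: a keypad whose keys are randomly chosen polyomino pieces packed into a cell grid, plus a defender's check of how little a captured touch location reveals across fresh layouts. The piece set, grid size and packing rule are simplifications assumed here, not the paper's 13 shapes.

```python
import random
from collections import Counter

# Assumed, simplified piece set (not the paper's 13 Tetris shapes): cell
# offsets for a domino, an L-tromino, a square and a T-tetromino in a few
# orientations. A key therefore covers 2, 3 or 4 cells.
SHAPES = [
    [(0, 0), (0, 1)], [(0, 0), (1, 0)],                    # domino
    [(0, 0), (0, 1), (1, 0)], [(0, 0), (1, 0), (1, 1)],    # L-tromino
    [(0, 0), (0, 1), (1, 0), (1, 1)],                      # square
    [(0, 0), (0, 1), (0, 2), (1, 1)],                      # T-tetromino
]
KEYS = "0123456789"

def generate_layout(width=8, height=6, seed=None):
    """Pack one randomly shaped piece per digit into a width x height cell
    grid. Returns grid[row][col] -> digit, or None for an unused cell."""
    rng = random.Random(seed)
    for _ in range(500):                       # retry if a packing fails
        grid = [[None] * width for _ in range(height)]
        labels = list(KEYS)
        rng.shuffle(labels)                    # digit order varies as well
        for label in labels:
            shape = rng.choice(SHAPES)
            spots = [(r, c) for r in range(height) for c in range(width)
                     if all(0 <= r + dr < height and 0 <= c + dc < width
                            and grid[r + dr][c + dc] is None
                            for dr, dc in shape)]
            if not spots:
                break                          # this packing failed, retry
            r, c = rng.choice(spots[:6])       # near-first-fit keeps it dense
            for dr, dc in shape:
                grid[r + dr][c + dc] = label
        else:
            return grid
    raise RuntimeError("could not pack the keypad")

def key_sizes(grid):
    """Cells covered by each digit: the size variation a location-only attacker does not see."""
    return Counter(k for row in grid for k in row if k is not None)

def touch_inference(row, col, trials=500, seed=1):
    """Defender's check: given only a touch cell, how often does it map to the
    same digit across fresh layouts? Returns (most likely digit, probability)."""
    rng = random.Random(seed)
    seen = Counter()
    for _ in range(trials):
        digit = generate_layout(seed=rng.getrandbits(32))[row][col]
        if digit is not None:
            seen[digit] += 1
    digit, n = seen.most_common(1)[0]
    return digit, n / sum(seen.values())
```

With a fixed layout the probability returned by touch_inference would be 1.0; with per-session layouts it stays near 1/10, which is the property the abstract claims.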

