Journal of the Korea Institute of Information and Communication Engineering (한국정보통신학회논문지)

The Korea Institute of Information and Commucation Engineering (한국정보통신학회)
권호 표지
DOI QR코드

DOI QR Code

Implement pattern lock security enhancement using thread to measure input time

입력시간을 측정하는 쓰레드를 활용한 패턴 잠금 보안 강화 구현

  • An, Kyuhwang (Department of Information System Engineering, Han-Sung University) ;
  • Kwon, Hyeokdong (Department of Information System Engineering, Han-Sung University) ;
  • Kim, Kyungho (Department of Information System Engineering, Han-Sung University) ;
  • Seo, Hwajeong (Department of Information System Engineering, Han-Sung University)
  • Received : 2019.01.26
  • Accepted : 2019.02.22
  • Published : 2019.04.30
Download PDF
⟨ Previous Next ⟩

Abstract

The pattern locking technique applied to smart phones is a locking technique that many people use conveniently. However, the safety of pattern locking techniques is very low compared with other techniques. The pattern locking technique is vulnerable to a shoulder surfing attack, which is based on the user's input and can be interpreted by looking at the movement of the shoulder, and the smudge attack is also vulnerable due to fingerprint drag marks remaining on the mobile phone pad. Therefore, in this paper, we want to add a new security method to check the pressed time by using a thread in the pattern locking scheme to secure the vulnerability. It is divided into short, middle, and long click according to the pressing time at each point. When dragging using the technique, security performance enhances $3^n$ tiems. Therefore, even if dragging in the same 'ㄱ' manner, it becomes a completely different pattern depending on the pressing time at each point.

스마트폰에 적용된 패턴 잠금 기법 같은 경우 많은 사람들이 편리하게 사용하는 잠금 기법이다. 그러나 많은 사람들이 사용하는데 비해 패턴 잠금 기법에 대한 안전성은 정말 낮다. 패턴 잠금 기법은 사용자가 입력하는 드래그 방식을 어깨의 움직임을 보고 유추할 수 있는 shoulder surfing attack에 취약하며, 핸드폰 패드에 남아있는 지문 드래그 자국에 의해 smudge attack 또한 취약하다. 따라서 본 논문에서는 해당 취약점을 보안하기 위해 패턴 잠금 기법에 쓰레드를 활용하여 눌리는 시간을 체크하는 새로운 보안 방식을 추가하고자 한다. 각 점에서의 누른 시간에 따라 short, middle, long click으로 나누어지고, 그 방법을 사용하여 드래그하면 보안 성능이 $3^n$배 향상된다. 따라서 같은 'ㄱ' 방식으로 드래그 하더라도 각 점마다 누르는 시간에 따라 완전히 다른 패턴이 된다.

Keywords

HOJBC0_2019_v23n4_470_f0001.png 이미지

Fig. 1 Left) before put the pattern, Right) recognized pattern

HOJBC0_2019_v23n4_470_f0002.png 이미지

Fig. 2 Suggested solution

HOJBC0_2019_v23n4_470_f0003.png 이미지

Fig. 3 The processes without or with threads

HOJBC0_2019_v23n4_470_f0004.png 이미지

Fig. 4 Pseudo code that shows how to check the pressing time using thread

HOJBC0_2019_v23n4_470_f0005.png 이미지

Fig. 5 Comparing default pattern lock with suggest system

HOJBC0_2019_v23n4_470_f0006.png 이미지

Fig. 6 The absolute positions of each buttons

HOJBC0_2019_v23n4_470_f0007.png 이미지

Fig. 7 The convenience and security

Table. 1 The information of experiment environment

HOJBC0_2019_v23n4_470_t0001.png 이미지

Table. 2 Number of cases for get the secret pattern

HOJBC0_2019_v23n4_470_t0002.png 이미지

References

  1. UCSIS. Shoulder Surfing attack in graphical password authentication [Internet]. Available: https://arxiv.org/ftp/arxiv/papers/0912/0912.0951.pdf.
  2. A. J. Aviv, K. L. Gibson, E. Mossop, and J. M. Smith, "Smudge Attacks on Smart phone Touch Screens," Woot, 10: 1-7, 2010.
  3. C. Dongmin, "Application Adaptive Pattern-based Authentication Method for Smartphones," Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology vol. 8, no. 2, pp. 59-67, February 2018.
  4. T. Kwon, and S. Na, "TinyLock: Affordable defense against smudge attacks on smartphone pattern lock systems," Computers & Security, 42, pp. 137-150, 2014. https://doi.org/10.1016/j.cose.2013.12.001
  5. Youtube. The video of how it works [Internet]. Available: https://youtu.be/OEOkHHQPTgA.
  6. Github. The open source of press time pattern lock PIN [Internet]. Available: https://github.com/kyu-h/PressTime_PatternLock_PIN.
  7. A. Karawash. Brute Force Attack [Internet]. Available: https://www.researchgate.net/profile/Ahmad_Karawash/publication/299645572_Data_protection_and_Brute_Force_attack/links/5703c19e08aeade57a25ae7b/Data-protection-and-Brute-Force-attack.pdf.
  8. H. J. Seo, and H. W. Kim, "Secure Keypad with Encrypted Input Message," Journal of the Korea Institute of Information and Communication Engineering, vol. 18, no. 12, pp. 2899-2910, Dec. 2014. https://doi.org/10.6109/jkiice.2014.18.12.2899

Cited by

  1. 원형 스마트폰 잠금 패턴 방식 제안 vol.23, pp.11, 2019, https://doi.org/10.6109/jkiice.2019.23.11.1471