Implementation of Secure Keypads based on Tetris-Form Protection for Touch Position in the Fintech

  • Mun, Hyung-Jin (문형진) (Dept. of Information & Communication Engineering, Sungkyul University)
  • Kang, Sin-Young (강신영) (Dept. of Computer Software, Hoseo University)
  • Shin, ChwaCheol (신좌철) (Dept. of Innovation & Convergence, Hoseo University)
  • Received : 2020.07.16
  • Accepted : 2020.08.20
  • Published : 2020.08.28

Abstract

User authentication is a required step in fintech services. On smartphones in particular, authentication is carried out with a PIN entered through a virtual keypad on the touch screen. An attacker can infer the password by shoulder surfing, observing the touched characters and touch positions, or by recording the input with a high-resolution camera. To prevent password leakage, various virtual keypad techniques are being researched. It is difficult, however, to design a secure keypad that improves convenience while also guaranteeing security through a changing key layout. In addition, because the entered information is shown on screen so that the user can check whether the password was mistyped, the password is easily exposed when the input is recorded with a high-resolution camera or Google Glass. This paper analyzes the advantages and disadvantages of QWERTY-based secure keypads. Based on that analysis, it implements, in an Android environment, a secure keypad that generates Tetris-shaped keypad pieces and joins them together, and it shows the entered characters to the user on the smart screen in Tetris form, which prevents password exposure through recording.
