Tetris security keypads design with higher security using alignment and padding
2018-06-08 https://doi.org/10.14419/ijet.v7i2.33.13838
Keywords: Virtual Keypads, Password, Secure Keypads, Tetris Form Keypads, Shoulder Surfing Attack, Password Guess Attack.
Abstract
Background/Objectives: With the development of ICT, there has been a rapid increase in demand for convenient services that let users make financial transactions on smartphones. Users are authenticated by entering a password on the smartphone.
Methods/Statistical analysis: Banks and fintech service providers receive passwords through security keypads, but attackers can peep at passwords in various ways, such as with Google Glass or a shoulder surfing attack. Because the locations of the keys are almost fixed and the keys are almost the same size, these keypads are vulnerable to attacks that use the touched location and to shoulder surfing attacks.
Findings: To protect against various attacks, such as stealing the touched location using Google Glass, shoulder surfing, or malware, this study proposes to diversify the size of the keys, connect the keys as in a Tetris game but randomly align them to the left or right, and add padding between the keys, so that it is difficult to infer a password from touched-location information.
Improvements/Applications: Since a different letter is entered even if the same key is touched, it will be difficult for an attacker to infer the password when this proposed technique is used. This makes it possible to block attacks that peep at a user's touched-location information as well as shoulder surfing attacks.
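The effect described in the abstract can be checked with a small simulation. The code below is an added example, not the authors' design or code: it models only varied key widths, random left/right row alignment and padding on a digit keypad, and measures how often touch points alone decode to the PIN on a conventional fixed layout. The 24-cell grid, the width and padding ranges, the row grouping and all function names are assumptions.

```python
import random

ROWS = [["1", "2", "3"], ["4", "5", "6"], ["7", "8", "9"], ["0"]]  # constructed digit keypad
WIDTH = 24  # keypad width in grid cells (assumed)

def fixed_layout():
    """Conventional keypad: equal key widths, no padding, left-aligned."""
    return [[(4 * i, 4 * i + 4, k) for i, k in enumerate(row)] for row in ROWS]

def random_layout(rng):
    """Per-session layout: varied key widths, random padding, row aligned left or right."""
    layout = []
    for row in ROWS:
        widths = [rng.randint(3, 6) for _ in row]          # assumed size range
        pads = [rng.randint(0, 2) for _ in row[1:]] + [0]  # assumed padding range
        used = sum(widths) + sum(pads)
        x = 0 if rng.random() < 0.5 else WIDTH - used      # left or right alignment
        spans = []
        for key, w, pad in zip(row, widths, pads):
            spans.append((x, x + w, key))
            x += w + pad
        layout.append(spans)
    return layout

def key_at(layout, row, x):
    """Key under a touch at (row, x), or None if the touch lands on padding."""
    return next((k for x0, x1, k in layout[row] if x0 <= x < x1), None)

def touches_for(layout, pin, rng):
    """Touch points a user produces when typing pin on this layout."""
    pts = []
    for ch in pin:
        row, (x0, x1, _) = next((r, s) for r, spans in enumerate(layout)
                                for s in spans if s[2] == ch)
        pts.append((row, rng.randrange(x0, x1)))
    return pts

def recovery_rate(pin, randomized, trials=2000, seed=7):
    """Share of sessions whose touch points decode to pin on the fixed layout."""
    rng, guess_on, hits = random.Random(seed), fixed_layout(), 0
    for _ in range(trials):
        shown = random_layout(rng) if randomized else fixed_layout()
        decoded = [key_at(guess_on, r, x) for r, x in touches_for(shown, pin, rng)]
        hits += decoded == list(pin)
    return hits / trials

def keys_under_touch(row, x, sessions=200, seed=7):
    """Distinct keys (None = padding) that one fixed touch point selects across sessions."""
    rng = random.Random(seed)
    return {key_at(random_layout(rng), row, x) for _ in range(sessions)}
```

Comparing `recovery_rate("2580", randomized=False)` with `recovery_rate("2580", randomized=True)` gives a quick regression check when tuning width and padding ranges for a keypad of this kind.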
How to Cite
Jin Mun, H., & Hee Han, K. (2018). Tetris security keypads design with higher security using alignment and padding. International Journal of Engineering & Technology, 7(2.33), 11-14. https://doi.org/10.14419/ijet.v7i2.33.13838
Received date: 2018-06-07
Accepted date: 2018-06-07
Published date: 2018-06-08