Secure Keypad against Password Guessing Attacks with Accelerometer and Gyroscope Sensors (가속도 센서와 방향 센서를 이용한 패스워드 추측 공격에 대응하는 보안 키패드)

Iksu Kim (김익수); Choi, Jong Myung (최종명)

Secure Keypad against Password Guessing Attacks with Accelerometer and Gyroscope Sensors

Journal of Knowledge Information Technology and Systems
Abbr : JKITS
2014, 9(4), pp.483-491
Publisher : Korea Knowledge Information Technology Society
Research Area : Interdisciplinary Studies > Interdisciplinary Research
Published : August 31, 2014

Iksu Kim ¹, Choi, Jong Myung ²

¹숭실대학교
²목포대학교

Accredited

ABSTRACT

According to recent studies, data generated from smartphone’s built-in accelerometer and gyroscope sensors can be used to infer users’ passwords. Currently, the secure keypad which is being used in smartphone apps is vulnerable to password attacks using sensor data. In this paper, we propose a secure keypad against password guessing attacks with accelerometer and gyroscope sensors. In the keypad, the rows of keys on the proposed keypad is randomly changed whenever a user inputs a letter of the password. Accordingly, it is very difficult to find out the user’ password using accelerometer and gyroscope sensor data. Moreover, the proposed keypad uses fake key buttons to further reduce the success rate of the attack. Users do not have to memorize fake keys. Users only need to touch the fake keys on the proposed keypad when they input their passwords. Because attackers cannot distinguish fake keys from touched keys, they cannot find out users’ passwords with accelerometer and gyroscope sensors. Therefore users can safely use a variety of internet services.

KEYWORDS

Secure keypads, Password guessing attacks, Randomized keypads, Smartphones, Accelerometer sensors, Gyroscope sensors

Citation status

* References for papers published after 2023 are currently being built.

[web] / The power of smart phones / http://www.etoday.co.kr/news/section/newsview.php?idxno=777734

[confproc] E. Owusu / 2012 / ACCessory: Password inference using accelerometers on smartphones / Proceedings of the 12th Workshop on Mobile Computing Systems & Applications

[confproc] L. Cai / 2011 / TouchLogger: Inferring keystrokes on touch screen from smartphone motion / Proceedings of the 6th USENIX conference on Hot topics in security

[confproc] Z. Xu / 2012 / TapLogger:Inferring user inputs on smartphone touchscreens using on-board motion sensors / Proceedings of the 5th ACM conference on Security and Privacy in Wireless and Mobile Networks : 113~124

[confproc] E. Miluzzo / 2012 / TapPrints: Your finger taps have fingerprints / Proceedings of the 10th international conference on Mobile systems, applications, and services : 323~336

[confproc] A. J. Aviv / 2012 / Practicality of accelerometer side channels on smartphones / Proceedings of the 28th Annual Computer Security Applications Conference : 41~50

[journal] D. Lee / 2011 / Security analysis on the keypad for smartphones / Review of KIISC 21(7) : 30~37

[journal] 김익수 / 2014 / Randomized Keypad against Password Guessing Attacks with Motion Sensors / 한국지식정보기술학회 논문지 / 한국지식정보기술학회 9(1) : 75~83

[confproc] A. J. Aviv / 2010 / Smudge attacks on smartphone touch screens / Proceedings of the USENIX 4th Workshop on Offensive Technologies

[journal] Y. Ryu / 2010 / Usability evaluation of randomized keypad / Journal of Usability Studies 5(2) : 65~75

KJCKorea
Journal Central

Journal of Knowledge Information Technology and Systems 2023 KCI Impact Factor : 0.89