• PDF / 1,745,320 Bytes
• 7 Pages / 439.37 x 666.142 pts Page_size
• 31 Downloads / 240 Views

DOWNLOAD

REPORT

---

Abstract The latest boom in the prevalence of smartphones has been encouraging various personal services to store and utilize important data such as photos and banking information. Thus, the importance of user authentication has also been growing rapidly. Nevertheless, many problems have arisen as a result of the common method of using a four-digit personal identification number (PIN) because of its potential for being breached by a brute force attack or shouldersurfing attack. Various authentication schemes have been developed to overcome these problems. In this paper, we also propose a new password-based user authentication scheme that utilizes the well-known Minesweeper game, providing better usability as well as greater security. The proposed scheme provides its users a simple method for memorizing their passwords and usable security by allowing them to enter calculated values rather than the password itself.







Keywords Password Usable security Authentication Shoulder-surfing attack

T. Kim  S. Kim  H. Yi  G. Ma  J. H. Yi (&) School of Computer Science and Engineering, Soongsil University, Seoul, Korea e-mail: [email protected] T. Kim e-mail: [email protected] S. Kim e-mail: [email protected] H. Yi e-mail: [email protected] G. Ma e-mail: [email protected]

J. J. (Jong Hyuk) Park et al. (eds.), Multimedia and Ubiquitous Engineering, Lecture Notes in Electrical Engineering 240, DOI: 10.1007/978-94-007-6738-6_29, Ó Springer Science+Business Media Dordrecht(Outside the USA) 2013

227

228

T. Kim et al.

1 Introduction The recent increase in the use of smartphones has been replacing PCs in handling applications as their scope and area of application expands, providing their users with greater comfort. However, there are still many concerns about personal information leakage, viruses, and malware. Thus, there has been a gradual increase in the importance of secure user authentication methods to protect the personal data stored in smartphones. The current password-based authentication measures are user-friendly, but highly vulnerable to shoulder-surfing attacks, brute force attacks, and smudge attacks. Much research has been conducted to resolve these concerns. However, the most of the methods developed [1–4] have been unsuitable for mobile devices, have compromised user-friendliness, or have continued to remain vulnerable to shoulder-surfing attacks. In this paper, we propose a user-friendly security method for mobile devices that provides defense against shoulder-surfing attacks. In addition, we conduct a security analysis through a comparison with previous techniques against brute force and shoulder-surfing attacks. This paper is organized as follows. In Sect. 2, we discuss the suggested password authentication method, which is followed by a safety analysis in Sect. 3. Section 4 concludes the paper.

2 Proposed Scheme Current password authentication schemes do not satisfy both security and usability requirements at the same time. For example, the PIN-Entry [1], DAS [2], and Passfaces [4] methods are secure