Abstract

As smart phones are becoming widely used, a variety of services to store and use important information such as photos and financial information are now provided. User authentication to protect this information is increasingly important. The commonly used 4-digit PIN, however, is vulnerable to the Brute Force Attack, Shoulder-Surfing Attack, and Recording Attack. Various authentication techniques are being developed in order to solve these problems. However, the technique that provides perfect protection, even from the Recording Attack, is not yet known, and in most cases, a password can be exposed by multiple Recording Attacks. This paper proposes a new user authentication method that protects against a Recording Attack from spyware on the user's smart phone. The proposed method prevents password exposure by multiple Recording Attacks, is implemented on a real Android phone, and has been evaluated for usability.

Highlights

  • A smart phone is different from feature phones in that it has a mobile OS that makes it possible to freely install and remove applications just as for personal computers

  • The Recording Attack is a type of Shoulder-Surfing Attack [2] where the attacker records the entire user authentication process including ID and password input for a service

  • The proposed method has been developed for the smart phone environment and ensures safety from the Shoulder-Surfing Attack, Brute Force Attack [3], Smudge Attack [4], and Recording Attack that threaten user authentication


Summary

Introduction

A smart phone is different from feature phones in that it has a mobile OS that makes it possible to freely install and remove applications just as for personal computers. Malware could expose information in the smart phone, and invade privacy or cause financial damage. Among these types of malware, there could be spyware that leaks the authentication screen and touch coordinates of the user. This paper proposes an authentication method devised such that the password cannot be taken even when the entire authentication screen is recorded and exposed. This method generates and authenticates a one-time password that changes each time according to prior knowledge of the user, without the need for separate hardware, and includes wrong information in the inputted password, making it possible to prevent the exposure of the correct password to the attacker. The proposed method has been developed for the smart phone environment and ensures safety from the Shoulder-Surfing Attack, Brute Force Attack [3], Smudge Attack [4], and Recording Attack that threaten user authentication.
