User biometric information‐based secure method for smart devices

Security mechanisms have been adapted to satisfy the needs of mobile subscribers; however, the mobile environment is quite different from a desktop PC or laptop‐based environment. The attack patterns in mobile environments are also quite different, and the countermeasures applied should be enhanced accordingly. With regard to usability, the mobile environment is based on mobility, and thus mobile devices are designed and developed to enhance the owner's efficiency. To avoid forgetting passwords, people are willing to adopt simple alphanumeric‐character combinations, which are easy to remember and convenient to enter. As a result, these passwords have a high probability of being cracked or exposed. In this paper, we study the potential security problems caused by simple and weak passwords, discuss drawbacks of some conventional works, and propose 3 creative schemes to increase the complexity and strength of passwords by applying the envisioned features. Note that our proposals are based on the assumption that the textual passwords are not difficult for users to remember or enter and do not cause inconvenience to users. In other words, the proposed methods can increase the complexity of simple passwords without the awareness of users.
