论文信息 - Secure Password-based Authentication Method for Mobile Banking Services

Secure Password-based Authentication Method for Mobile Banking Services

Moblie device based financial services are vulnerable to social engineering attacks because of the display screen of mobile devices. In other words, in the case of shoulder surfing, attackers can easily look over a user’s shoulder and expose his/her password. To resolve this problem, a colour-based secure keyboard solution has been proposed. However, it is inconvenient for genuine users to verify their password using this method. Furthermore, password colours can be exposed because of fixed keyboard colours. Therefore, we propose a secure mobile authentication method to provide advanced functionality and strong privacy. Our authentication method is robust to social engineering attacks, especially keylogger and shoulder surfing attacks. According to the evaluation results, our method offers increased security and improved usability compared with existing methods.

Dongmin Choi | Ilyong Chung | Dongkil Tak

[1] Andrew Sears,et al. Data Entry for Mobile Devices Using Soft Keyboards: Understanding the Effects of Keyboard Size and User Tasks , 2003, Int. J. Hum. Comput. Interact..

[2] Patrick J. Flynn,et al. Image understanding for iris biometrics: A survey , 2008, Comput. Vis. Image Underst..

[3] Aziz Mohaisen,et al. Keylogging-Resistant Visual Authentication Protocols , 2014, IEEE Transactions on Mobile Computing.

[4] Dongmin Choi,et al. Virtual Keyboard against Social Engineering Attacks in Smartphones , 2015 .

[5] Hyoung Joong Kim,et al. Designing Password Input System Resistant on Shoulder Surfing Attack with Statistical Analysis , 2012 .

[6] Sung H. Han,et al. Touch key design for one-handed thumb interaction with a mobile phone: Effects of touch key size and touch key location , 2010 .

[7] Do Hyong Koh,et al. Usability evaluation of randomized keypad , 2010 .