Vulnerability Analysis Challenges of the Mouse Data Based on Machine Learning for Image-Based User Authentication

With the change from the pre-internet era to online society, user authentication technology is required, and for that, password-based authentication technology is generally used. However, the technology has vulnerabilities and security threats that cannot ensure security and reliability, due to the exposure of the keyboard data that comprises a password input from the keyboard. In order to settle this problem, image-based authentication technology has emerged; but the password input from the mouse is not secure, due to the exposure of the mouse data. This problem has led to the emergence of mouse data protection technology. This technology protects mouse data by generating a large number of random mouse positions at any time, thereby inducing an attacker to track any mouse position generated by the defender, even if the attacker takes over the mouse data. Therefore, this mouse protection technology almost completely defends against existing mouse data attack techniques. With mouse data protection technology applied, the challenge of this paper is to verity the feasibility of mouse data attack. For the experiment, we collected both random mouse data generated by the defender and real mouse data input from the user, and verified the security of mouse data using mouse data classification based on machine learning. As a result of the experiment, we have verified the stealing of mouse data by using the proposed method with high quality, even if existing techniques of mouse data attack do not steal real mouse data. The best accuracy is 98%. In other words, the proposed method almost completely classifies the mouse data input from the user. Consequently, this paper derives and verifies the vulnerability and security threat of image-based authentication technology. Moreover, the vulnerability and security threat found in this paper not only constitute a new vulnerability and security threat, but can also be used as a criterion in security analysis and evaluation for image-based authentication technology.

[1]  Kim-Kwang Raymond Choo,et al.  Cyber-physical systems information gathering: A smart home case study , 2018, Comput. Networks.

[2]  Kim-Kwang Raymond Choo,et al.  The Role of the Adversary Model in Applied Security Research , 2019, IACR Cryptol. ePrint Arch..

[3]  Eyke Hüllermeier,et al.  Combining Instance-Based Learning and Logistic Regression for Multilabel Classification , 2009, ECML/PKDD.

[4]  Kyungroul Lee,et al.  A Protection Technique for Screen Image-Based Authentication Protocols Utilizing the SetCursorPos Function , 2017, WISA.

[5]  Kyungroul Lee,et al.  Keyboard Security: A Technological Review , 2011, 2011 Fifth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing.

[6]  R.E. Newman,et al.  Security analysis of and proposal for image-based authentication , 2005, Proceedings 39th Annual 2005 International Carnahan Conference on Security Technology.

[7]  Lawrence O. Hall,et al.  A Comparison of Decision Tree Ensemble Creation Techniques , 2007 .

[8]  Alexander J. Smola,et al.  Learning with kernels , 1998 .

[9]  Zhi-Hua Zhou,et al.  ML-KNN: A lazy learning approach to multi-label learning , 2007, Pattern Recognit..

[10]  Kyungroul Lee,et al.  Vulnerability Analysis on the Image-Based Authentication Through the PS/2 Interface , 2018, IMIS.

[11]  Insoo Koo,et al.  Sensor Fault Classification Based on Support Vector Machine and Statistical Time-Domain Features , 2017, IEEE Access.

[12]  Sara Matzner,et al.  An application of machine learning to network intrusion detection , 1999, Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99).

[13]  Hideki Koike,et al.  Awase-E: Image-Based Authentication for Mobile Phones Using User's Favorite Images , 2003, Mobile HCI.

[14]  Ajinkya Pawar,et al.  Secure Authentication using Anti-Screenshot Virtual Keyboard , 2011 .

[15]  Yuefei Zhu,et al.  A Deep Learning Approach for Intrusion Detection Using Recurrent Neural Networks , 2017, IEEE Access.

[16]  Kyungroul Lee,et al.  Security Assessment on the Mouse Data using Mouse Loggers , 2016, BWCCA.

[17]  Wm. Arthur Conklin,et al.  Password-based authentication: a system perspective , 2004, 37th Annual Hawaii International Conference on System Sciences, 2004. Proceedings of the.