A graphic password scheme resistant to shoulder surfing attack in mobile environment

Abstract

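A shoulder surfing attack is an attack that obtains another person's private information by secretly watching from behind a user who is authenticating or handling sensitive information, or by recording the user with an illicit camera. This attack is becoming an increasingly serious security problem as mobile devices spread faster and become more portable. This paper proposes a new graphical password scheme that resists shoulder surfing attacks in an environment where authentication is performed on a mobile device that supports touch input. In the proposed scheme, the user attempts authentication by drawing a path that selects the pass images in order while not selecting any mine image.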

Table of Contents

Contents
Chapter 1 Introduction
Chapter 2 Related Work
Chapter 3 Proposed Scheme
Section 1 Basic Operation
Section 2 Use of Application Icons
Section 3 Image Rearrangement Feature
Chapter 4 Comparative Experiment with Text-Based Passwords
Section 1 Password Creation Time
Section 2 Password Entry Time
Section 3 Password Entry Failures
Section 4 Memorability
Section 5 Shoulder Surfing Attack
Chapter 5 Security Analysis
Section 1 Password Size
Section 2 Brute-Force Attack
Section 3 Smudge Attack
Section 4 Shoulder Surfing Attack
Section 5 Dictionary Attack
Chapter 6 Conclusion
Chapter 7 Future Work
References
Abstract

List of Figures
Figure 1. Configured images
Figure 2. Successful authentication
Figure 3. Failed authentication
Figure 4. Case where authentication is impossible due to a combination of two images
Figure 5. Case where authentication is impossible due to a combination of three images
Figure 6. Time to create a new password
Figure 7. Average authentication time by number of authentications
Figure 8. Average authentication time with the adaptation period separated
Figure 9. Week 1 authentication failures classified by cause
Figure 10. Week 2 authentication failures classified by cause
Figure 11. Authentication success rate
Figure 12. Success rate for memorability
Figure 13. Success rate of shoulder surfing attacks

List of Tables
Table 1. Comparison of features among password schemes
Table 2. Number of paths by L
Table 3. Success and failure rates of brute-force attacks by L
Table 4. Success rate of shoulder surfing attacks by L
