Department of Computer and Information Security, Sejong University, Seoul 05006, Korea.
Department of Computer and Information Security, and Convergence Engineering for Intelligent Drone, Sejong University, Seoul 05006, Korea.
Sensors (Basel). 2021 Mar 23;21(6):2242. doi: 10.3390/s21062242.
Authentication methods using personal identification numbers (PINs) and unlock patterns are widely used in smartphone user authentication. However, these authentication methods are vulnerable to shoulder-surfing attacks, and PIN authentication, in particular, is poor in terms of security because PINs are short, with just four to six digits. A wide range of research is currently underway to examine various biometric authentication methods, for example, using the user's face, fingerprint, or iris information. However, such authentication methods provide PIN-based authentication as a backup for when the maximum set number of authentication failures is exceeded during the authentication process, so the security of biometric authentication equates to the security of PIN-based authentication. In order to overcome this limitation, research has been conducted on keystroke dynamics-based authentication, where users are classified by analyzing their typing patterns while they are entering their PIN. As a result, a wide range of methods for improving the ability to distinguish the normal user from abnormal ones have been proposed, using the typing patterns captured during the user's PIN input. In this paper, we propose unique keypads that are assigned to and used by only normal users of smartphones to improve on the user classification performance of existing keypads. The proposed keypads are formed by randomly generated numbers based on the Mersenne Twister algorithm. In an attempt to demonstrate the superior classification performance of the proposed unique keypad compared to existing keypads, all tests except for the keypad type were conducted under the same conditions as in earlier work, including collection-related features and feature selection methods. Our experimental results show that when the filtering rates are 10%, 20%, 30%, 40%, and 50%, the corresponding equal error rates (EERs) for the proposed keypads are improved by 4.15%, 3.11%, 2.77%, 3.37% and 3.53% on average compared to the classification performance outcomes in earlier work.
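As an added illustration (not code from the paper), the sketch below shows how keystroke dynamics-based PIN authentication is typically scored and how an EER is read off the resulting scores. The hold/flight-time features, the scaled Manhattan distance and all sample timings are assumptions made for this example; the abstract does not specify the paper's features or classifier, and the unique keypad and filtering rates are not modelled.

```python
from statistics import mean

def features(events):
    """events: one (key_down_ms, key_up_ms) pair per PIN digit, in entry order.
    Returns hold times followed by flight times (next key down - previous key up)."""
    holds = [up - down for down, up in events]
    flights = [events[i + 1][0] - events[i][1] for i in range(len(events) - 1)]
    return holds + flights

def build_template(enrol_samples):
    """Per-feature mean and mean absolute deviation over the enrolment entries."""
    cols = list(zip(*[features(s) for s in enrol_samples]))
    mu = [mean(col) for col in cols]
    # Floor the deviation at 1 ms so a perfectly stable feature cannot divide by zero.
    mad = [max(mean([abs(v - m) for v in col]), 1.0) for col, m in zip(cols, mu)]
    return mu, mad

def score(template, sample):
    """Scaled Manhattan distance to the template; lower means more like the owner."""
    mu, mad = template
    return sum(abs(x - m) / d for x, m, d in zip(features(sample), mu, mad))

def equal_error_rate(genuine, impostor):
    """Sweep the accept threshold (accept if score <= t) and return (EER, t)
    at the point where false accept and false reject rates are closest."""
    best = None
    for t in sorted(set(genuine) | set(impostor)):
        frr = sum(g > t for g in genuine) / len(genuine)    # owner rejected
        far = sum(i <= t for i in impostor) / len(impostor)  # impostor accepted
        cand = (abs(far - frr), (far + frr) / 2, t)
        if best is None or cand < best:
            best = cand
    return best[1], best[2]

# Constructed sample data: two enrolment entries by the owner, one impostor entry.
OWNER = [[(0, 100), (250, 340), (500, 610), (800, 880)],
         [(0, 110), (270, 350), (520, 620), (810, 900)]]
IMPOSTOR = [(0, 60), (400, 470), (900, 950), (1300, 1370)]

if __name__ == "__main__":
    tpl = build_template(OWNER)
    print("owner score:", score(tpl, OWNER[0]))
    print("impostor score:", score(tpl, IMPOSTOR))
    print("EER, threshold:", equal_error_rate([1, 2, 3, 6], [4, 5, 7, 8]))
```

An impostor who knows the PIN still has to reproduce the owner's timing to score below the accept threshold, which is why the EER, rather than PIN secrecy alone, is the figure of merit here.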