Vulnerability Analysis on the Image-Based Authentication Through the PS/2 Interface
The mouse is one of the most widely used I/O devices on a computer. Most user authentication methods rely on passwords entered through the keyboard, but they are vulnerable because the input data can be exposed, for example by keyloggers. Image-based authentication, which authenticates users through data input from a mouse, emerged in response. The image-based authentication method is widely used on various Web sites and in Internet banking services. This paper analyzes the vulnerability of image-based authentication, which is based on data input through the mouse. It also analyzes an experiment in which passwords are exposed by obtaining mouse data through the PS/2 controller. We implemented a proof-of-concept tool and confirmed the exposure of mouse data in the image-based authentication applied in an Internet banking service.
This research was supported by the Basic Science Research Program through the National Research Foundation of Korea (NRF) that is funded by the Ministry of Education (NRF-2015R1D1A1A01057300).