Vulnerability Analysis on the Image-Based Authentication Through the PS/2 Interface

  • Insu Oh
  • Kyungroul Lee
  • Sun-Young Lee
  • Kyunghwa Do
  • Hyo beom Ahn
  • Kangbin Yim
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 773)


The mouse is one of the most widely used I/O devices on a computer. Most user authentication methods are password-based and take input through the keyboard, which leaves passwords exposed to tools that capture input data, such as keyloggers. Image-based authentication, which authenticates the user through data input from a mouse, has emerged in response, and it is widely used on various Web sites and in Internet banking services. This paper analyzes the vulnerability of image-based authentication, which relies on input data from the mouse. It describes an experiment in which passwords are exposed by taking mouse data through the PS/2 controller; we also implemented a proof-of-concept tool and confirmed the exposure of mouse data in the image-based authentication applied in an Internet banking service.



This research was supported by the Basic Science Research Program through the National Research Foundation of Korea (NRF) that is funded by the Ministry of Education (NRF-2015R1D1A1A01057300).



Copyright information

© Springer International Publishing AG, part of Springer Nature 2019

Authors and Affiliations

  • Insu Oh (1)
  • Kyungroul Lee (2)
  • Sun-Young Lee (1)
  • Kyunghwa Do (3)
  • Hyo beom Ahn (4)
  • Kangbin Yim (1)

  1. Department of Information Security Engineering, Soonchunhyang University, Asan, South Korea
  2. R&BD Center for Security and Safety Industries (SSI), Soonchunhyang University, Asan, South Korea
  3. Department of Software, Konkuk University, Seoul, South Korea
  4. Division of Information and Telecommunication Engineering, Kongju National University, Chonan, South Korea
