Abstract
This paper focuses on the security problems of password-based authentication systems and on the exposure of passwords entered by users through image-based authentication protocols that require a mouse HID. One such system is the on-screen virtual keyboard authentication protocol, which is commonly used by Internet banking services and electronic payment services. However, this protocol is vulnerable to the exposure of mouse coordinate data through the GetCursorPos() API. Authentication information entered through image-based authentication systems is therefore still vulnerable to theft by attackers. Accordingly, we propose a security protection technique that uses the SetCursorPos() function to introduce random, irrelevant mouse coordinate data.
Acknowledgments
This research was supported by the Basic Science Research Program through the National Research Foundation of Korea (NRF) that is funded by the Ministry of Education (NRF-2015R1D1A1A01057300).
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this paper
Cite this paper
Oh, I., Lee, K., Yim, K. (2018). A Protection Technique for Screen Image-Based Authentication Protocols Utilizing the SetCursorPos Function. In: Kang, B., Kim, T. (eds) Information Security Applications. WISA 2017. Lecture Notes in Computer Science, vol 10763. Springer, Cham. https://doi.org/10.1007/978-3-319-93563-8_20
DOI: https://doi.org/10.1007/978-3-319-93563-8_20
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-93562-1
Online ISBN: 978-3-319-93563-8
eBook Packages: Computer Science (R0)