Keyboard Data Protection Technique Using GAN in Password-Based User Authentication: Based on C/D Bit Vulnerability
Author:
Lee Jaehyuk (1), Jeong Wonbin (2), Lee Kyungroul (2)
Affiliation:
1. Process Development Team, Fescaro, Suwon 16512, Republic of Korea
2. Department of Information Security Engineering, Mokpo National University, Muan 58554, Republic of Korea
Abstract
In computer systems, user authentication technology is required to identify the users of a computer. Various user authentication technologies have been introduced, including ones with strong security features based on ownership, such as certificates and security cards. Nevertheless, password-based authentication remains the main technology in use because of its convenience and ease of implementation. However, according to Verizon’s “2022 Data Breach Investigations Report”, security incidents caused by password exposures accounted for 82% of all security incidents. Hence, the security of password authentication technology is important. Consequently, this article analyzes prior research on keyboard data attacks and defense techniques to identify the fundamental reasons for keyboard data attacks and derive countermeasures. The first prior study describes an attack that uses machine learning to steal keyboard data in order to overcome the limitations of a C/D bit attack. The second prior study describes an attack technique that steals keyboard data more efficiently by expanding the machine learning features used in the first. In this article, based on these findings, we propose a keyboard data protection technique using a Generative Adversarial Network (GAN) and verify its feasibility. To summarize the performance evaluation against previous research, the machine learning-based keyboard data attack from the prior research exhibited a 96.7% attack success rate, while the method proposed in this study significantly decreased the attack success rate by approximately 13%. Notably, across all experiments, the average decrease in keyboard data classification performance ranged from a minimum of −29% to a maximum of 52%. When evaluated on maximum performance, all performance indicators decreased by more than 50%.
Funder
National Research Foundation of Korea