Affiliation:
1. Department of Information Security Engineering, Mokpo National University, Muan 58554, Republic of Korea
2. Department of Information Security Engineering, Soonchunhyang University, Asan 31538, Republic of Korea
Abstract
Online security threats have emerged through Internet banking hacking cases, and highly sensitive user information used for online payments, such as the ID, password, account number, and account password, has become vulnerable. Many security companies have therefore researched methods for protecting keyboard-entered data in order to introduce defense techniques. Recently, new keyboard security issues have arisen because attackers have produced new malicious code that combines existing attack techniques with new ones; however, keyboard security assessment remains insufficient. The motivation of this research is to provide more secure user authentication methods by evaluating the security of information entered from the keyboard device for user authentication, including in Internet banking services. If the authentication information entered from the keyboard device is exposed during user authentication, attackers can attempt an illegal login or, at worst, steal the victim’s money. Accordingly, in this paper, the known existing and new keyboard-attack techniques are surveyed, and the results are used as the basis for implementing sample malicious code to carry out both a security analysis and an assessment of secure keyboard software. The experiment shows that, if the resend command utilization attack technique is used, 7 out of 10 companies’ products expose keyboard information, and only 1 company’s product detects it. The fundamental reason for these vulnerabilities is that the hardware chip related to the PS/2 interface keyboard does not provide security facilities. Therefore, since keyboard data exposure cannot be prevented by software alone, a hardware chip that provides security facilities needs to be developed.
Funder
National Research Foundation of Korea
Korea Government
Subject
Electrical and Electronic Engineering; Biochemistry; Instrumentation; Atomic and Molecular Physics, and Optics; Analytical Chemistry
Cited by
4 articles.