跳到主要內容

臺灣博碩士論文加值系統

(44.222.189.51) 您好!臺灣時間:2024/05/24 18:32
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果 :::

詳目顯示

: 
twitterline
研究生:林俊豪
研究生(外文):Jyun-Hao Lin
論文名稱:PIN與圖形通行碼之動態擊鍵特徵系統-實作於相容Android平台之手機
論文名稱(外文):Keystroke Dynamic PIN-based and Graphical-based Authentication System - Implemented in Android Compatible Phone
指導教授:張庭毅程于芳程于芳引用關係
指導教授(外文):Ting-Yi ChangYufang Cheng
學位類別:碩士
校院名稱:國立彰化師範大學
系所名稱:數位學習研究所
學門:教育學門
學類:教育科技學類
論文種類:學術論文
論文出版年:2011
畢業學年度:99
語文別:英文
論文頁數:37
中文關鍵詞:身分驗證動態擊鍵特徵驗證系統擊鍵時間特徵擊鍵壓力特徵擊鍵面積特徵圖形通行碼
外文關鍵詞:identity authenticationkeystroke dynamics-based authenticationkeystroke time featurekeystroke pressure featurekeystroke size featuregraphical password
相關次數:
  • 被引用被引用:0
  • 點閱點閱:302
  • 評分評分:
  • 下載下載:9
  • 收藏至我的研究室書目清單書目收藏:0
近年來,觸控式行動裝置的應用越來越廣泛,人們可以從任何地方便利地存取各式各樣的資料與資訊,此類裝置所使用的使用者身分驗證方式為PIN-based(Person Identification Number)驗證。然而,PIN僅由4到8位數字所組成,導致PIN很容易遭受猜測攻擊及肩窺攻擊等威脅。許多研究利用動態擊鍵特徵驗證系統(Keystroke Dynamics-based Authentication;KDA)為PIN-based驗證提供額外的安全性驗證,其驗證方式不僅判斷PIN是否正確,亦驗證個人的擊鍵特徵是否一致。但不同於傳統文字通行碼透過標準QWERTY鍵盤入,行動裝置中不同大小或設計之輸入裝置會影響PIN-based動態擊鍵驗證系統之成效。本研究中,使用者於相同的人機介介面輸入其PIN;如此一來,這些擊鍵特徵不會因為輸入設備之差易影響而使驗證準確性受到影響。除了傳統的擊鍵時鍵特徵外,本研究發現兩項觸控式行動裝置之新特徵,分別稱之為擊鍵"壓力"特徵與擊鍵"面積"特徵。本研究利用上述之擊鍵特徵改善PIN-based動態擊鍵特徵系統之擊鍵資料品質。另一方面,本研究提出一套圖形通行碼動態擊鍵特徵驗證,此系統利用圖形通行碼,提高通行碼空間並使用上述之擊鍵壓力特徵改善資料品質,使用者亦於相同的人機介面中輸入其圖形通行碼。如此一來,圖形通行碼動態擊鍵驗證系統可進一步改善行動裝置之PIN-based安全性。
Since the touch screen handheld mobile devices have become
widely used, people are able to conveniently access various data and information anywhere. Most user authentication methods for these mobile devices are PIN-based (Person Identification Number) authentication. However, PINs consist of 4 to 8 numbers and then it suffers from guessing and shoulder surfing attacks easily. Many studies have employed the KDA (Keystroke Dynamics-based Authentication) system, which verifies PIN correctness and also verifies the corresponding individual keystroke features. It provides additional security verification for PIN-based authentication. Unfortunately, unlike the text-based
password KDA systems in QWERTY keyboards, different keypad sizes or layouts of mobile devices affect the PIN-based KDA system utility. In this study, the accuracy of authenticating the keystroke features are not affected by inconsistent keypads since the PINs is entered via the identical size of human-computer interface. Moreover, except for the original keystroke time features in the KDA systems, two novel keystroke features are found in touch screen handheld mobile devices, which are called "pressure" features and "size" features. This study uses these features to improve the keystroke data quality of PIN-based KDA system. On the other hand, we propose a new graphical-based password KDA system for touch screen handheld mobile devices. The proposed system uses graphical password to enlarge the password space size and uses the pressure features to improve the keystroke data quality. A user also enter his/her graphical password via the identical size of human-computer interface. Under this situation, the graphical-based password KDA system is able to promote the
PIN-based KDA system utility in touch screen handheld mobile
devices.
Abstract in Chinese i
Abstract in English iii
List of Figures viii
List of Tables ix
1 Introduction 1
1.1 Background and Motivation . . . . . . . . . . . . . . . . . . . . 1
1.2 Scope of This Thesis . . . . . . . . . . . . . . . . . . . . . . . . 4
1.3 Organization of the Study . . . . . . . . . . . . . . . . . . . . . 6
2 Related Work 7
2.1 Graphical-based Password Authentication . . . . . . . . . . . . 7
2.2 Keystroke Dynamic-based Authentication . . . . . . . . . . . . . 10
3 Methodology 15
3.1 Enrollment Phase . . . . . . . . . . . . . . . . . . . . . . . . . . 16
3.1.1 PIN-based KDA System . . . . . . . . . . . . . . . . . . 16
3.1.2 Graphical-based Password KDA System . . . . . . . . . 16
3.2 Classifier Building Phase . . . . . . . . . . . . . . . . . . . . . . 20
3.3 Authentication Phase . . . . . . . . . . . . . . . . . . . . . . . . 21
4 Experimental Result 23
4.1 Implementation Environment . . . . . . . . . . . . . . . . . . . 23
4.2 PIN-based KDA System Utility . . . . . . . . . . . . . . . . . . 24
4.3 Graphical-based Password KDA System Utility . . . . . . . . . 26
4.4 Comparison of Related Works . . . . . . . . . . . . . . . . . . . 29
5 Conclusion 32


List of Figures
1.1 Users enter the data via touch screen handheld mobile 5
2.1 The flow chart of keystroke dynamics-based authentication 10
2.2 The relationships of five evaluation criteria 14
3.1 The human-computer interface for a user to enter his/her PIN 17
3.2 The human-computer interface for a user to enter his/her graph-
ical password 18
3.3 Keystroke time features. pressure feature, and size feature when
a user enters a PIN ‘1234’ 19
4.1 The experiment results of PIN-based KDA system by ROC curve 25
4.2 The experiment results of graphical-based password KDA sys-
tem by ROC curve 28
List of Tables
4.1 The related data with the most balanced optimum threshold of
PIN-based KDA system 25
4.2 The average time (ms) of the building classifier phase and the
authentication phase identity verification for different digits of
PINs and different combinations of features 26
4.3 The related data with the most balanced optimum threshold of
graphical-based password KDA system 27
4.4 The average time (ms) of the building classifier phase and the
authentication phase for different numbers of photos for graph-
ical passwords and different combinations of features 28
4.5 Comparison of related works 31
[1] L. C. F. Ara´ujo, L. H. R. Sucupira, M. G. Liz´arraga, L. L. Ling, and J. B. T. Yabu-Uti, “User authentication through typing biometrics features,” IEEE Transactions on Signal Processing, vol. 53, no. 2, pp. 851–855, 2005.
[2] S. A. Bleha, C. Slivinsky, and B. Hussien, “Computer-access security systems using keystroke dynamics,” IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 12, no. 12, pp. 1217–1222, 1990.
[3] G. E. Blonder, Graphical Passwords, United States Patent 5559961, 1996.
[4] G. C. Boechat, J. C. Ferreira, and E. C. B. C. Filho, “Authentication personal,” in IEEE International Conference on Intelligent and Advanced Systems, pp. 254–256, 2007.
[5] S. Brostoff and M. A. Sasse, “Are passfaces more usable than passwords? a field trial investigation,” in People and Computers XIV - Usability or Else: Proceedings of HCI, pp. 405–424, 2000.
[6] P. Campisi, E. Maiorana, M. Lo Bosco, and A. Neri, “User authentication using keystroke dynamics for cellular phones,” IET Signal Processing, vol. 3, no. 4, pp. 333–341, 2009.
[7] T. Y. Chang, M. S. Hwang, and W. P. Yang, “A communication-efficient
three-party password authenticated key exchange protocol,” Information Sciences, vol. 181, pp. 217–226, January 2011.
[8] T. Y. Chang, W. P. Yang, and M. S. Hwang, “Simple authenticated key agreement and protected password change protocol,” Computers & Mathematics with Applications, vol. 49, no. 5-6, pp. 703–714, 2005.
[9] T. Y. Chang and Y. J. Yang, “A simple keystroke dynamics-based authentication system using means and standard deviation,” accepted (March 16, 2011) to appear in Journal of Internet Technology, 2011.
[10] T. Y. Chang, Y. J. Yang, and C. C. Peng, “A personalized rhythm clickbased authentication system,” Information Management and Computer Security, vol. 18, no. 2, pp. 72–85, 2010.
[11] N. L. Clarke and S. M. Furnell, “Advanced user authentication for mobile devices,” Computers & Security, vol. 26, no. 2, pp. 109–119, 2007.
[12] N. L. Clarke and S. M. Furnell, “Authenticating mobile phone users using keystroke analysis,” International Journal of Information Security, vol. 6, no. 1, pp. 1–14, 2007.
[13] R. Dhamija and A. Perrig, “D´ej`a vu: A user study using images for authentication,” in 9th USENIX Security Symposium, vol. 9, 2000.
[14] T. Fawcett, “An introduction to roc analysis,” Pattern Recognition Letters, vol. 27, no. 8, pp. 861–874, 2006.
[15] R. S. Gaines, W. Lisowski, S.J. Press, and N. Shapiro, “Authentication by keystroke timing: Some preliminary results,” in Rand Report R-256-NSF. Rand Corporation, 1980.
[16] S. Haider, A. Abbas, and A. K. Zaidi, “A multi-technique approach for user identification through keystroke dynamics,” in IEEE International Conference on System, Man, and Cybernetics, pp. 1336–1341, 2000.
[17] N. Harun, W. L. Woo, and S. S. Dlay, “Performance of keystroke biometrics authentication system using artificial neural network (ann) and distance classifier method,” in International Conference on Computer and Communication Engineering (ICCCE), pp. 1–6, 2010.
[18] S. Hocquet, J. Y. Ramel, and H. Cardot, “User classification for keystroke dynamics authentication,” in Advances in Biometrics, pp. 531–539, Lecture Notes in Computer Science 4642, 2009.
[19] D. Hosseinzadeh and S. Krishnan, “Gaussian mixture modeling of keystroke patterns for biometric applications,” IEEE Transactions on Systems, Man, and Cybernetics-Part C: Applications and Reviews, vol. 38, pp. 816–826, Nov. 2008.
[20] W. Hu, X. P.Wu, and G. H.Wei, “The security analysis of graphical passwords,” in 2010 International Conference on Communications and Intelligence Information Security, pp. 200–203, 2010.
[21] S. Hwang, S. Cho, and S. Park, “Keystroke dynamics-based authentication for mobile devices,” . Computers & Security, vol. 28, no. 1-2, pp. 85–93, 2009.
[22] S. Hwang, H. Lee, and S. Cho, “Improving authentication accuracy using artificial rhythms and cues for keystroke dynamics-based authentication,” Expert Systems with Applications, vol. 36, no. 7, pp. 10649–10656, 2009.
[23] W. A. Jansen, “Authenticating users on handheld devices,” in Canadian Information Technology Security Symposium, 2003.
[24] W. A. Jansen, “Authenticating mobile device users through image selection,” in Data Security, 2004.
[25] I. Jermyn, A. Mayer, F. Monrose, M. K. Reiter, and A. D. Rubin, “The design and analysis of graphical passwords,” in 8th USENIX Security Symposium, 1999.
[26] K. S. Killourhy and R. A. Maxion, “Comparing anomaly-detection algorithms for keystroke dynamics,” in IEEE/IFIP International Conference on Dependable Systems & Networks, pp. 125–134, 2009.
[27] J. M. Mandler and G. H. Ritchey, “Long-term memory for pictures,” Journal of Experimental Psychology: Human Learning and Memory, vol. 3, no. 4, pp. 386–396, 1977.
[28] R. Meier, Professional Android 2 Application Development, John Wiley & Sons Inc., 2010.
[29] F. Monrose and A. D. Rubin, “Keystroke dynamics as a biometric for authentication,” Future Generation Computer Systems, vol. 16, no. 4, pp. 351–359, 2000.
[30] M. S. Obaidat and S. Member, “A multilayer neural network system for computer access security,” IEEE Transactions on System, Man, and Cybernetics, vol. 24, no. 5, pp. 806–813, 1994.
[31] K. Revett, S. T. de Magalh´aes, and H. M. D. Santos, “Enhancing login security through the use of keystroke input dynamics,” in Advances in Biometrics, pp. 661–667, Lecture Notes in Computer Science 3832, 2005.
[32] W. G. De Ru and J. H. P. Eloff, “Enhanced password authentication through fuzzy logic,” IEEE Expert: Intelligent Systems and Their Applications, vol. 12, no. 6, pp. 38–45, 1997.
[33] H. Saevanee and P. Bhatarakosol, “User authentication using combination of behavioral biometrics over the touchpad acting like touch screen of mobile device,” in Computer and Electrical Engineering, pp. 82–86, 2008.
[34] D. H. Shih and T. C. Lin, “User authentication system by using keystroke dynamics,” in International Conference on Pacific Rim Management 18th Annual Meeting, pp. 102–115, 2008.
[35] L. Sobrado and J. C. Birget, “Graphical passwords,” in The Rutgers Scholar, An Electronic Bulletin for Undergraduate Research, vol. 4, 2002.
[36] A. F. Syukri, E. Okamoto, and M. Mambo, “A user identification system using signature written with mouse,” in 3rd Australasian Conference on Information Security and Privacy, pp. 403–441, 1998.
[37] S.Wiedenbeck, J.Waters, J. C. Birget, A. Brodskiy, and N. Memon, “Authentication using graphical passwords: Basic results,” in 11th Human Computer Interaction International (HCII), 2005.
[38] S. Wiedenbeck, J. Waters, J. C. Birget, A. Brodskiy, and N. Memon, “Passpoints: Design and longitudinal evaluation of a graphical password system,” International Journal of Human-Computer Studies, vol. 63, no. 1-2, pp. 102–127, 2005.
連結至畢業學校之論文網頁點我開啟連結
註: 此連結為研究生畢業學校所提供,不一定有電子全文可供下載,若連結有誤,請點選上方之〝勘誤回報〞功能,我們會盡快修正,謝謝!
QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top