臺灣博碩士論文加值系統

隨著智慧型裝置在生活中漸漸普及，使用者可隨時隨地使用智慧型裝置作為網路服務的平台，代表著有越來越多的隱私訊息會存在於裝置中，因此現有的智慧型裝置已有搭配各種不同的身分驗證方法，但系統常用的身分認證存有一大難題－肩窺攻擊。因此許多預防肩窺攻擊的方法被提出，但是有些方法太過複雜造成使用不易，所以我們希望認證系統能不造成使用上負擔，並能達到防禦肩窺攻擊，且對於其他的攻擊行為也能達到足夠的安全性。
本研究提出了一個能防禦肩窺攻擊之多點觸控手勢認證系統，藉由智慧型裝置觸控螢幕擷取使用者多點觸控之手勢，使用者能在驗證時改變手勢混淆攻擊者，使攻擊者即使觀察也無法得知使用者所使用來通過認證之手勢密碼。我們的方法確實能改善能防禦肩窺攻擊，並能提高系統之安全性。

In recent years, due to the popularity of smartphones, users can use smart devices as a platform for internet services anywhere and anytime. That is to say, a growing number of private messages will be stored on smart devices, so smart devices have been used with many different methods of authentication. But common authentication system is difficult to against shoulder surfing attacks. Many types of research were proposed to resist shoulder surfing attack, but some methods are too complicated.
In this study, we proposed a multi-touch gesture authentication system to shoulder surfing attack defense. We use the touch screen to capture user behavior-touch gestures. Users can change the verification gestures to confuse the attacker during verification. Even the attacker can observe the verification process, but he cannot know the correct password gestures. Our approach can defense shoulder surfing attacks and improve the security of the system.

摘要 i
Abstract ii
致謝 iii
目錄 iv
圖目錄 vi
表目錄 vii
第一章 緒論 1
第二章 相關文獻 8
2.1 Color pass 8
2.2 Tictocpin 10
2.3行動裝置防肩窺攻擊之身分認證機制 12
2.4 Graphical keystroke dynamic authentication system 13
2.5 Finger-drawn pin authentication 14
2.6 Multi-touch behavioral authentication 15
2.7 Behavioral user authentication 16
2.8 Multitouch gesture authentication 17
2.9 Effect of posture and device on the performance authentication systems 18
2.10 Behavior authentication performance 19
第三章 多點觸控手勢認證機制 20
3.1多點觸控手勢認證機制 20
3.2實驗 27
第四章 基於使用者行為之防肩窺攻擊行動裝置認證機制 40
4.1多組手勢認證 40
4.2基於使用者行為之防肩窺攻擊行動裝置認證機制 41
4.3實驗 45
第五章 結論 49
參考文獻 50

[1]Sebastian Uellenbeck, Markus Dürmuth, Christopher Wolf, and Thorsten Holz, "Quantifying the Security of Graphical Passwords: The Case of Android Unlock Patterns," in Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, 2013, pp. 161-172.
[2]M. Lei, Y. Xiao, S. V. Vrbsky, C.-C. Li, and L. Liu, "A virtual password scheme to protect passwords," in Proceedings of IEEE International Conference on Communications (ICC '08), 2008, pp. 1536–1540.
[3]Y.-L. Chen, W.-C. Ku, Y.-C. Yeh, and D.-M. Liao, "A simple text-based shoulder surfing resistant graphical password scheme," in IEEE International Symposium on Next-Generation Electronics (ISNE‘13), 2013, pp. 161–164.
[4]I. Altiok, S. Uellenbeck, and T. Holz, "GraphNeighbors: Hampering Shoulder-Surfing Attacks on Smartphones," in Sicherheit, 2014, pp. 25–35.
[5]Y. Kita, F. Sugai, M. Park, and N. Okazaki, "Proposal and implementation of a shoulder-surfing attack resistant authentication method using two shift functions," in Proceedings of The Second International Conference on Cyber Security, Cyber Peacefare and Digital Forensic (CyberSec2013), 2013.
[6]S.-H. Kim, J.-W. Kim, S.-Y. Kim, and H.-G. Cho, "A new shoulder-surfing resistant password for mobile environments," in Proceedings of the 5thInternational Conference on Ubiquitous Information Management and Communication, 2011.
[7]M.-K. Lee, "Security Notions and Advanced Method for Human Shoulder-Surfing Resistant PIN-Entry," in IEEE Transactions on Information Forensics and Security, 2014.
[8]H. Yi, Y. Piao, and J. H. Yi, "Touch Logger Resistant Mobile Authentication Scheme Using Multimodal Sensors," in Advanced in Computer Science and its Applications, ed: Springer, 2014, pp. 19–26.
[9]Nilesh Chakraborty, Samrat Mondal, "Color Pass: An Intelligent User Interface to Resist Shoulder Surfing Attack," in Proceedings of the 2014 IEEE Students' Technology Symposium, 2014, pp.13-18.
[10]Taekyoung Kwon, Jin Hong, "Analysis and Improvement of a PIN-Entry Method Resilient to Shoulder-Surfing and Recording Attacks," IEEE Transactions on Information Forensics and Security, vol. 10, 2014, pp. 278–292.
[11]A. Bianchi, I. Oakley, V. Kostakos, and D. S. Kwon, "The phone lock: audio and haptic shoulder-surfing resistant PIN entry methods for mobile devices," in Proceedings of the 5th international conference on Tangible, embedded, and embodied interaction, 2011, pp. 197–200.
[12]T. Perkovic, M. Cagalj, and N. Rakic, "SSSL: shoulder surfing safe login," in 17th International Conference on Software, Telecommunications & Computer Networks (SoftCOM '09), 2009, pp. 270–275.
[13]N. Chakraborty and S. Mondal, "SLASS: Secure Login against Shoulder Surfing," in Recent Trends in Computer Networks and Distributed Systems Security. Springer Berlin Heidelberg, 2014, pp. 346–357.
[14]C.-C. Yao, "Shoulder surfing resistant graphical password scheme," 銘傳大學電腦與通訊工程學系碩士論文, 2011.
[15]蔡卓倫，「行動裝置防肩窺攻擊之身分認證機制」，銘傳大學電腦與通訊工程學系碩士論文，民國103年
[16]Ting-Yi Chang, Cheng-Jung Tsaib, Jyun-Hao Lina, "A graphical-based password keystroke dynamic authentication system for touch screen handheld mobile devices," Journal of Systems and Software, 2012, vol. 85, pp. 1157–1165.
[17]Hataichanok Saevanee, Pattarasinee Bhatarakosol, "User Authentication using Combination of Behavioral Biometrics over the Touchpad acting like Touch screen of Mobile Device," in Proceedings of International Conference on Computer and Electrical Engineering, 2008, pp.82-86.
[18]Toan Van Nguyen, Napa Sae-Bae, Nasir Memon, "Finger-drawn PIN Authentication On Touch Devices," in Proceedings of IEEE International Conference on Image Processing (ICIP), 2014, pp. 5002–5006.
[19]Kumi Nakamura, Kazuhiro Kono, Yoshimichi Ito, Noboru Babaguchi, "Tablet Owner Authentication Based on Behavioral Characteristics of Multi-Touch Actions," in Proceedings of the 21st International Conference on Pattern Recognition, 2012, pp. 3431–3434.
[20]Napa Sae-Bae, Nasir Memon, Katherine Isbister, Kowsar Ahmed, "Multitouch Gesture-Based Authentication," IEEE Transactions on Information Forensics and Security, vol. 9, 2014, pp. 568–582.
[21]Zahid Syed, Jordan Helmick, Sean Banerjee, Bojan Cukic, "Effect of User Posture and Device Size on the Performance of Touch-based Authentication Systems," in Proceedings of IEEE 16th International Symposium on High Assurance Systems Engineering, 2015, pp.10-17.
[22]Chao Shen, Yong Zhang, Xiaohong Guan, Roy A. Maxion, "Performance Analysis of Touch-Interaction Behavior for Active Smartphone Authentication," IEEE Transactions on Information Forensics and Security, vol. 11, 2016, pp. 498–513.