| Summary: | As smart phones are becoming widely used, a variety of services to store and use important information such as photos and financial information are now provided. User authentication to protect this information is increasingly important. The commonly used 4-digit PIN, however, is vulnerable to the Brute Force Attack, Shoulder-Surfing Attack, and Recording Attack. Various authentication techniques are being developed in order to solve these problems. However, the technique that provides perfect protection, even from the Recording Attack, is not yet known, and in most cases, a password can be exposed by multiple Recording Attacks. This paper proposes a new user authentication method that protects against a Recording Attack from spyware on the user's smart phone. The proposed method prevents password exposure by multiple Recording Attacks, is implemented on a real Android phone, and has been evaluated for usability.
|
|---|