摘要
隨著智慧型裝置在生活中漸漸普及,使用者可隨時隨地使用智慧型裝置作為網路服務的平台,代表著有越來越多的隱私訊息會存在於裝置中,現有的智慧型裝置雖有搭配各種不同的身分驗證機制,但系統常用的身分認證無法抵擋肩窺攻擊。因此許多預防肩窺攻擊的方法被提出,但是有些方法太過複雜造成使用不易,所以我們希望認證系統能不造成使用上負擔,並能達到防禦肩窺攻擊,且對於其他的攻擊行為也能達到足夠的安全性。本研究提出了一個能防禦肩窺攻擊之多點觸控手勢認證系統,藉由智慧型裝置觸控螢幕擷取使用者多點觸控之手勢,使用者能在驗證時改變手勢混淆攻擊者,使攻擊者即使觀察也無法得知使用者所使用來通過認證之手勢密碼。我們的方法確實能改善能防禦肩窺攻擊,並能提高系統之安全性。
並列摘要
In recent years, due to the popularity of smart phones, users can use smart devices as platforms for internet services anywhere and anytime; therefore increasing number of credential messages are stored on smart devices. Smart devices have many methods of authentication, but there is a major problem - the shoulder-surfing attack. Many researches were proposed to resist shoulder-surfing attacks, but some of them are too complicated and can't prevent attacks record. In this paper, we propose a method to defense shoulder-surfing attacks and recording attacks. We use the touch screen to capture users' behavior-touch gestures. Users can change the verification gestures to confuse the attacker. Even if the attacker can observe or record the verification process, he doesn't know the correct password gestures. Our approach can defense shoulder surfing attacks and improve the security of the system.
延伸閱讀
- 張源平(2007)。建構於系統核心之點擊造假攻擊防禦系統〔碩士論文,國立中央大學〕。華藝線上圖書館。https://www.airitilibrary.com/Article/Detail?DocID=U0031-0207200917350209
- 沈昱丞(2019)。基於安全性之行動輔助機器人操控系統開發〔碩士論文,國立交通大學〕。華藝線上圖書館。https://www.airitilibrary.com/Article/Detail?DocID=U0030-0306202016382283
- Lin, C. H. (2008). 行動通訊的安全機制之設計與應用 [master's thesis, National Taichung University of Science and Technology]. Airiti Library. https://www.airitilibrary.com/Article/Detail?DocID=U0061-1811200915323698
- 柯力群、林良宇、王煥文、彭幼玲、葉于榕(2009)。一種用於無線感測網路的新型動態使用者身份認證機制。電腦與通訊,(127),27-34。https://doi.org/10.29917/CCLTJ.200903.0005
- 呂臣恩(2007)。在行動無線射頻辨識系統上的認證機制〔碩士論文,國立清華大學〕。華藝線上圖書館。https://doi.org/10.6843/NTHU.2007.00301