
A mathematical model: preventing active and passive attacks in mobile banking scenario.

INTRODUCTION

M-commerce is defined as the delivery of trusted transaction services over mobile devices for the exchange of services between consumers, merchants and financial institutions. Mobile commerce is an evolving area of e-commerce, where users can interact with the service providers through a mobile and wireless network, using a mobile device for information retrieval and transaction processing. Therefore, in the near future, almost all transactions will be made via portable devices like smart phones and digital wallets. The problems that occur are increasing nowadays through attacks like shoulder surfing, screenshots taken while the keyboard is being used, or man-in-the-middle attacks. Analysis with stringent experiments is conducted all over the world to avoid, or at least to reduce, these types of open-environment as well as passive attacks, as shown in fig 1a.

[FIGURE 1 OMITTED]

2. Literature Review:

2.1 Drag-and-Type: A New Method for Typing with Virtual Keyboards on Small Touch screens. T. KWON et al. (2130).

It developed a unique drag-and-tap and drag-and-drop model for the mobile virtual keyboard. The small flat touch screen enables consumers to navigate various kinds of services and applications very easily, promptly, and intuitively with their fingers. The small touch screen is also changing the way of typing alphanumeric characters on those devices. Without a physical keyboard, today's smart phones popularly present virtual keyboards, aka software keyboards, based on the high resolution of small touch screens, e.g., 4.8" 1280*720 pixels (306 ppi) and 3.5" 640*960 pixels (326 ppi) in commodities. To input alphanumeric keys (PIN), for example, consumers may tap their fingers on the small virtual keyboard through the small touch screen, but there exist at least two concerns that strongly motivate this study.

The problem with drag and tap, or drag and type, with random key order is that it would take too much time, say 20 to 30 sec on average. It may lead to session timeout and an increased error rate while typing. It does not focus on which mechanism captures the biometric data, and no secure encryption algorithm is provided to transmit the biometric fingerprint image to the server side. It also does not focus on the fuzzy logic threshold level rules.

2.2 On the Privacy Risks of Virtual Keyboards: Automatic Reconstruction of Typed Input from Compromising Reflections. RAGURAM et al (2002).

This paper discusses the security breaches that occur via shoulder surfing attacks. In most cases the input can be compromised by using a camera and direct reflections from the sunglasses worn by the customer or end user in public or crowded places.

The shoulder surfer can capture video with a surveillance camera, a high-end smart phone or a web camera. From various scales or distances, using a suitable camera, the shoulder surfer can eavesdrop on the data entered by the customer/end user. One disadvantage to note is that if the visual echo of the entered virtual key is hidden, the surveillance camera loses what it needs to compromise the input.

3. System Design:

To protect the password or PIN, the starting point (the login PIN) itself must be considered secure. In order to resist the attacker (shoulder surfer), the keyboard of the mobile should present random keys so that the attacker has difficulty guessing the exact password, while it remains highly probable for the original user to type it correctly, as shown in fig 2.

3.1 Existing system in mobile virtual keyboard:

A smart phone is now becoming a part of electronics consumers' lives and turns out to be one of the most popularly used consumer electronic devices. Its small flat touch screen enables those consumers to navigate various kinds of services and applications very easily, promptly, and intuitively with their fingers. The small touch screen is also changing the way of typing alphanumeric characters on those devices. Without a physical keyboard, today's smart phones popularly present virtual keyboards, aka software keyboards, based on the high resolution of small touch screens, e.g., 4.8" 1280*720 pixels (306 ppi) and 3.5" 640*960 pixels (326 ppi) in commodities. To input alphanumeric keys, for example, consumers may tap their fingers on the small virtual keyboard through the small touch screen, but there exist at least two concerns that strongly motivate this study (RAGURAM et al 2002).

[FIGURE 2 OMITTED]

First, the smart phone users are frequently experiencing difficulties and also many errors in typing alphanumeric keys (PIN) with their thick thumbs because a small virtual keyboard even with the reduced set of touchable keys can only provide tiny size keys to the users (Go, K. and Y. Endo, 2007). Unfortunately, such a larger key may only allow a partial keyboard layout having the reduced set of keys on the small touch screen, e.g., separate layouts for alphabets and numeric (and/or special) characters, and pop-up keys for rendering more characters on the keys at best. Note that the partial keyboard layout requires a number of switches between distinct layouts.

[FIGURE 3 OMITTED]

As illustrated in Fig. 3.1.1-(a), even worse, a visual echo, i.e., the most widely used response method on the virtual keyboard, can be occluded and hidden under the thick thumb with blunt touch. Second, the consumers are susceptible to malicious people nearby or spyware inside, as discussed by Cai and H. Chen et al. (Key Logger, Aug 2011). They can capture the key input, particularly secret input such as a password, in mobile environments. As illustrated in Fig. 3.1.1-(b), when the visual echo is shown prominently enlarged, the malicious people nearby can read what was actually entered by the consumer. This is called a shoulder-surfing attack, and it is more effective in a crowded place. In this paper, the two concerns regarding accuracy and security motivated the authors to develop a new style of typing with the full layout of the virtual keyboard presented on the small touch screens. It was found that the proposed method can particularly be used for accurate and secure typing on the small touch screen in security-sensitive consumer electronics applications.

Drawbacks of the Existing System (Random Keyboard with Drag and Drop).

a) Time taken to enter the password or PIN requires more than ordinary entry time.

b) Error rate while typing the password is too high.

c) Session time lapsed due to error and password entry.

3.2 Proposed System of Highest Hit Rate Key Based Partially Ordered Input Method

a) Partial ordered set: In the proposed structure, the keys for PIN input are placed at random, but the order in which the keys are shuffled is different (Raguram et al 2013). To make it partially ordered, the PARTIALLY ORDERED SET and LATTICE structure of the Hasse diagram is used to arrange the keys according to the number of hits, as shown in fig 3. Let us consider the key inputs as u, v, w, and z. The simple logic of the "poset" (partially ordered set) is that the keys with the highest number of hits are placed in the upper bound rather than in the lower bound key set (Raguram et al 2013).

[FIGURE 4 OMITTED]

b) Hit Rate: From the below fig 3 mentioned, if the key z's hit is more than the hit rate of u, v which is in the middle order of the row in the virtual keyboard fig 4.

[FIGURE 5 OMITTED]

c) Input Interface: It is possible to enter the character accurately with a visual echo of the selected key and vibration feedback (S. Zhai et al. 2002). A user has to verify the location of the target character keys before touching the touch screen. When the touch event, e.g., ACTION_DOWN, occurs, the proposed keyboard hides all keys automatically without an additional action, e.g., pressing a hide-key button. So a user has no extra burden in entering the characters with this method.

[FIGURE 6 OMITTED]

4. Implementation and Results:

a. Distributive and Non-distributive Lattice:

Boolean values 0 and 1 are the lowest and highest measurable hit counts in the key rows. Let us consider the single value 'a' as the hit or input, as shown in fig 6.1.a. The value has upper bound 1 and lower bound 0. More than one input may be typed in the keyboard layout, say a set S = {a, b, c, d, e, f, g}, as shown in fig 6.1 b. According to the relations between the input keys (i.e., based on the hits that occurred on the virtual keys), the keys are shuffled and ordered from the lowest row, say $R_{n-1}$, to the highest, $R^{I}_{0}$. The basic concept behind this ordering is the distributive lattice with its relations. The central row $R_{1}$ has three input keys a, d, g. Among those, virtual key 'd' has the highest relation with the other virtual keys.

In the same fig 6.1 a), another diagrammatic representation shows an unordered arrangement of pairs; this is sometimes due to irregular hit rates of the virtual key inputs.

[FIGURE 7 OMITTED]

Distributive Lattice Algorithm for Retrieval of the covering graph

Data: An ideal tree T(L) = (V, F)

Result: The adjacency list of immediate predecessors, sorted in non-increasing order of their labels, for every vertex I ∈ V in the covering graph G(L) = (V, U) of the corresponding lattice L.

PSEUDOCODE:
begin
    for each k ∈ [1...n] do
        Compute SORT[k], the list of elements with label k in T(L);
    for k = n downto 1 do
        for each I ∈ SORT[k] do
            ImPred(I) ← {};
            J' ← the first element in ImPred(Parent(I));
            while J' ≠ I do
                Let J be the child of J' with label k; {J is the first child of J'}
                ImPred(I) ← ImPred(I) ∪ {J};
                J' ← the next element in ImPred(Parent(I));
            ImPred(I) ← ImPred(I) ∪ Child(I);
        for each I ∈ SORT[k] do
            Delete I from the list of children of its parent;
end


If a shoulder surfer, especially in a public or crowded environment, watches your password during a mobile transaction, he or she is able to note the highlighted letter, the virtual input key's current location and position, the order of entry and the row in which the key was pressed, as explained in fig 2. To avoid all of this, randomized key generation is used together with a distributive or non-distributive relative partial ordering mechanism. Fig 6.2 (a) shows the regular orientation of virtual keys in the keyboard layout. Fig 6.2 (b) shows the random orientation of keys and the hiding of all virtual keys while the virtual keypad is touched. This ensures that the typed password letters are protected from the screenshot attack and the man-in-the-middle attack.

[FIGURE 8 OMITTED]

b. Time complexity for the attacks:

Let us consider the 6*6 array matrix: the alphabet (a, b, ..., z) has 26 letters and the numeric values (0, 1, ..., 9) are 10 numbers, thus 36 alphanumeric keys in total, with $36^{8} \sim O(n^{a})$ input combinations, where 'n' is the number of combination of input characters (say numbers = 0 to 9 and alphabets = a to z). The value of 'a' depends on the length of the password in characters. Let us consider the sample alphanumeric password '7SIVA951'. The brute force attack needs $O(36^{a})$ unit time to compute. If special characters are to be considered, the array matrix increases accordingly to a 7*7 matrix, etc. For the 6*6 matrix of keys, the password keys entered in the beginning stage are almost random and entry is a time-consuming process. Therefore it takes more time to find the exact key input, as shown in fig 7. After one or two entries, the subsequent regenerated layouts are customer friendly because of the lattice relation.

In order to increase the speed of password entry and complete the task within the given session, the password PIN should be easily identifiable for the customer only and not for others. In the matrix given in fig 7, let the highlighted (red colored) letters be the PIN 7NSVL. The first letter would be 7 and so on. At the second entry, the 7 key of the PIN would be in the first row but shuffled within that row in order to confuse the attacker. In the same way, all other keys are also shuffled within their respective rows by their partial order number and hits (RANK). On every hit of the touch screen, all the virtual keys are hidden and reshuffled within their own rows, as discussed in (S. Wiedenbeck et al May 2006). This makes it more complex for the adversary to find the correct and complete PIN.
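The row assignment by hit count and the per-touch reshuffle described above can be sketched as follows. This is an added example, not the authors' implementation; the function names, the CSPRNG-based shuffle, the random tie-break and the point at which hit counts are updated (after the session) are assumptions.

```python
import secrets

ROWS, COLS = 6, 6
KEYS = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"   # the 36 keys of the 6*6 matrix
_rng = secrets.SystemRandom()                     # OS CSPRNG, so layouts are not predictable


def rank_rows(hits):
    """Assign keys to rows by hit count; the most-hit keys land in row 0."""
    order = list(KEYS)
    _rng.shuffle(order)                           # random order among equal hit counts
    order.sort(key=lambda k: hits.get(k, 0), reverse=True)   # stable sort keeps that order
    return [order[r * COLS:(r + 1) * COLS] for r in range(ROWS)]


def reshuffle_in_rows(rows):
    """Redraw the column positions; every key stays in its own row."""
    return [_rng.sample(row, len(row)) for row in rows]


def locate(rows, key):
    """Return (row, column) of a key in the current layout."""
    for r, row in enumerate(rows):
        if key in row:
            return r, row.index(key)
    raise ValueError(f"key {key!r} is not on the keypad")


def enter_pin(pin, hits):
    """Simulate one entry session and return the (row, col) of each touch."""
    rows = reshuffle_in_rows(rank_rows(hits))
    touches = []
    for ch in pin.upper():
        touches.append(locate(rows, ch))
        rows = reshuffle_in_rows(rows)    # keys are hidden and reshuffled after each touch
    for ch in pin.upper():
        hits[ch] = hits.get(ch, 0) + 1    # assumption: counts are updated after the session
    return touches


def consistent_pins(rows, touches):
    """Number of PINs matching the touched rows when the row contents are known."""
    n = 1
    for r, _ in touches:
        n *= len(rows[r])
    return n


if __name__ == "__main__":
    hits = {}
    enter_pin("7NSVL", hits)              # first entry: layout is effectively random
    ranked = rank_rows(hits)              # the PIN keys have now risen to row 0
    second = enter_pin("7NSVL", hits)
    print("rows touched on 2nd entry:", [r for r, _ in second])
    print("PINs matching touched rows:", consistent_pins(ranked, second),
          "of", len(KEYS) ** 5)
```

The hit counts are derived from the PIN itself, so they need the same storage protection as the PIN. The last figure shows how much of the 36-key search space the row position alone accounts for, which is the trade-off between entry speed and secrecy that this layout makes.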

DISCUSSIONS: In table 2, the analysis is made with different touch screen sizes: 3.5", 4", 4.5", 5" and 6" touch screen mobile phones. The key letters vary from 3 square millimeter to 4.0 square millimeter. The distance between adjacent key letters averages 0.27 mm.

The discussion considered various virtual keypad structures like QWERTY, regular, regular (echo), random keypad, sec3pass (D. S. Tan et al. 2005) and our proposed hit rate based partial ordered key. The constraints are as follows.

a) Total no. of participants = 18.

b) Skilled in typing, also LITERATED = 11.

c) Semi-skilled in typing, also LITERATED = 4.

d) Un-skilled in typing, also SEMILITERATED = 3.

The experimental results show that the error rate increases as the size of the touch screen of the mobile decreases, as shown in table 2.

Results:

Another important inference is that the time required to type an alphanumeric string of size 8 would be much less on a large-screen regular keyboard for most of the participants, and vice versa (V. Balakrishnan et al. 2008). The average number of successful hits of a complete eight-digit password also varies accordingly across the different sized mobiles.

While comparing the ordinary random ordered keys with the proposed partial order keys, a considerable variation is seen between these two keyboard variants. On average, in a public environment, while travelling in a bus or train, the end user must be aware of attackers (anywhere in the open public) and may safeguard digital wallet secrets such as passwords using this type of indirect password method. The results corresponding to the input.

Conclusion:

This method was extended to its secure virtual keyboard version, called Hit Rate virtual key, to deal with shoulder surfing and spyware attacks. The secure method was more efficient and/or more secure compared to the related authentication methods. The user studies and the attack experiments conducted in this paper confirm that it would be promising to adopt this user friendly random key access method when more accurate typing is preferred, and when more accurate and secure typing is required on consumer electronic devices. Specifically, a secure (and accurate) password entry can be achieved by the secure input key method. The limitation is that it can only resist a touch-based spyware attack. In a future study, a new method will be explored to resist an advanced spyware attack based on recording the whole interaction between the consumer and the electronic device through the small high-resolution touch screens.

ARTICLE INFO

Article history:

Received 23 July 2015

Accepted 28 August 2015

Available online 25 September 2015

REFERENCES

Arun prakash, R. et al, 2011. Improved Pin distribution techniques in m-commerce, science direct, GCSE 2011: 28-30.

Balakrishnan, V. and P. Yeow, 2008. A study of the effect of thumb sizes on mobile phone texting satisfaction, Journal of Usability Studies, 3: 118-128.

Cai, L. and H. Chen, 2011. TouchLogger: Inferring keystrokes on touch screen from smartphone motion, in Proc. USENIX Conference on Hot Topics in Security, San Francisco, USA.

Go, K. and Y. Endo, 2007. CATKey: Customizable and adaptable touchscreen keyboard with bubble cursor-like visual feedback, in Proc. IFIP TC 13 International Conference on Human-Computer Interaction, Rio de Janeiro, Brazil, LNCS 4662, pp: 493-496.

Ichbian, J.D., 1996. Method for designing an ergonomic one-finger keyboard and apparatus therefor, US patent 5487616.

Kwon, T. et al., 2002. Drag-and-Type: A New Method for Typing with Virtual Keyboards on Small Touch screens. IEEE Transactions on Consumer Electronics, 60(1).

Zhai, S., M. Hunter and B.A. Smith. Performance optimization of virtual keyboards, Human-Computer Interaction, 17.

Kwon, T., S. Na and S. Park, 2013. Drag-and-Type: A new method for typing with virtual keyboards on small touch screens, in Proc. IEEE International Conference on Consumer Electronics, Las Vegas, USA, pp: 460-461.

Raguram et al, 2013. On the Privacy Risks of Virtual Keyboards: Automatic Reconstruction of Typed Input from Compromising Reflections, in IEEE Transactions on Dependable and Secure Computing, 10(3).

(1) Singaravelan N and (2) Bakyalakshmi N

(1) Department of computer science and Engineering, 1Master of Engineering, AMACE, Kancheepuram. India

(2) Department of computer Science and Engineering, Bachelor of Engineering, UCE, ARNI CAMPUS, Tiruvannamaalai, India.

Corresponding Author: R. Arun Prasath, Department of computer science and Engineering, 1Master of Engineering, AMACE, Kancheepuram. India

Table 2: Analysis of password entry time, occurrence of success, error rate in different sized touch screens

X-axis: display size of touch screen and their keyboard. Y-axis: alphanumeric size 8.

                                      3.5"                   4.0"
                                      REG    RAN    PROP     REG    RAN    PROP
TIME TO ENTER (SEC)                   14.9   17     15       13     16.3   14.7
NO. OF TRIES REQ. FOR CORRECT ENTRY   2.7    6.1    4.0      2.3    5      3.8
AVG ERROR RATE                        2.8    4.3    3.3      2.55   3.90   3.0

                                      4.5"                   5"
                                      REG    RAN    PROP     REG    RAN    PROP
TIME TO ENTER (SEC)                   12     15.6   13       11     14     12
NO. OF TRIES REQ. FOR CORRECT ENTRY   1.7    4.8    3.5      1.5    43.    3.3
AVG ERROR RATE                        2.4    3.72   2.75     2.1    3.2    2.5

                                      6"
                                      REG    REG    RAN
TIME TO ENTER (SEC)                   10.5   13     11.2
NO. OF TRIES REQ. FOR CORRECT ENTRY   1.4    4.1    3.08
AVG ERROR RATE                        1.79   2.9    2.33

Fig. 1a: List of parameters and their response RAGURAM et al (2002)

                                  Integrated   MicroSD   Stickers,
                                  NFC                    Fovs

Reliability                       (e)          (c)       (d)
Transaction Speed                 (e)          (e)       (e)
Security                          (e)          (e)       (d)
Ease-of-Use                       (e)          (d)       (d)
Wallet Functionality              (e)          (e)       (a)
Acceptance                        (b)          (b)       (b)
Device Availability               (a)          (d)       (d)
Additional Value Add Application  (d)          (d)       (a)

                                  Bar Codes   Payments in   SMS
                                  Fovs        the Clouds

Reliability                       (b)         (d)            (b)
Transaction Speed                 (d)         (c)            (b)
Security                          (b)         (c)            (c)
Ease-of-Use                       (d)         (c)            (c)
Wallet Functionality              (a)         (e)            (a)
Acceptance                        (b)         (a)            (a)
Device Availability               (e)         (e)            (e)
Additional Value Add Application  (c)         (e)            (a)

Legend

WORST (a) (b) (c) (d) (e) BEST

Fig. 9: The Array Matrix with Random order of keys

Array    C0     C1       C2       C3    C4     C5

R0        7      A       X        6      M      K
R1        D      J       0        5      J      L
R2        9      4       B        Z      C      G
R3        E      8       Y        Y      Y      H
R4        0      T       R        P      1      3
R5        Q      I       S        U      Y     TV
        SHIFT   TAB   SPL CHAR   CAPS   DEL   ENTER

Fig. 10: Results Obtained For the Proposed Partial Ordered Random
Key Input.

           INPUT TIME(SEC)   USER FRIENDLY   ERROR RATE(no of errors)

REGULAR    10                4               50
RANDOM     25                14              20
secPAS     30                10              25
PROPOSED   21                7               40

Note: Table made from bar graph.
COPYRIGHT 2015 American-Eurasian Network for Scientific Information
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2015 Gale, Cengage Learning. All rights reserved.

Article Details
Author:Singaravelan, N.; Bakyalakshmi, N.
Publication:Advances in Natural and Applied Sciences
Article Type:Report
Date:Aug 1, 2015
Words:3263