| 摘要: | 近年來,智慧型手機幾乎成為不可或缺的物品,人類的生活逐漸與智慧型手機息息相關。使用者於智慧型手機使用的功能中,其中一些活動涉及使用者的重要隱私,如果手機遭竊取,盜竊者將能執行應用程式並偷取隱私資訊,這對使用者必有莫大的傷害。智慧型手機給生活帶來便利的同時,安全性也成為重要議題。
在手機使用者身分驗證機制中,生物識別驗證方法逐漸取代傳統驗證,確立使用者的獨特性來提供更可靠的驗證方法。多數有關於生物識別的研究較著重於系統的辨識準確度以及效能,然而,身為身分驗證系統,安全性必然也是重要的議題。生物識別驗證雖然提供更可靠、安全的機制,但與其他驗證系統一樣,存在漏洞及被入侵的風險。其中,輸入階段攻擊是最顯而易見的,特別是使用者偽造攻擊(Impersonation Attack),攻擊者透過模仿、偽造合法使用者的生物特徵,將此特徵輸入至特徵接收器,欺騙驗證系統為合法使用者本人,借此入侵系統。在一些基於行為特徵的生物識別報告中,也提出入侵者可能透過模仿合法使用者行為通過系統驗證。欲提升基於行為的生物識別系統的安全性,特徵模仿類型攻擊必然為重要的課題。
本研究參考其他基於行為特徵之生物識別系統研究使用者偽造攻擊的方法,確認目前基於操作行為之智慧型手機驗證系統能藉由模仿合法使用者行為偽造成合法使用者本人進行非法存取。為了針對此問題改善系統,本研究找尋行為可能容易模仿之使用者,並嘗試分析不同使用者之個人驗證模型中重要特徵的數量,觀察是否與使用者行為的容易被模仿程度有關。
;In recent years, smartphones have become indispensable for human. Daily life is closely related to smartphones. Among the application used by the user on the smart-phone, some of the functions involve the user’s important privacy. If the smartphone is stolen, the thief will be able to execute the application and steal private information, which will do great harm to the user. While smart phones bring convenience to life, security has also become an important issue.
In the smartphone authentication, biometrics gradually replaces traditional authentication, provides a more reliable solution by establishing the uniqueness of the user. Most research on biometrics focuses on the accuracy and performance. However, as an authentication system, security must also be an important issue. Although biometrics provides a more reliable and safe mechanism, like other authentication systems, there are potential risks. The input level attack is the most obvious, especially the impersonation attack. The attacker invades the system by mimicking and forging the biological characteristics of the legal user, sends the fake characteristic into the receiver, deceiving the authentication system as the legal user himself. In some survey of behavioral biometrics, it mentioned that attackers may pass the authentication by mimicking the behavior of legal users. To improve the security of behavioral biometric systems, Mimicking attacks must be an important issue.
In this study, we refer to the research method of impersonation attack on other type of behavior biometrics to confirm that current touch-based behavioral authen-tication may get illegal access by mimicking legal user’s behavior. To solve this problem, we seek out the user whose behavior may be easy to mimic, and try to analyze the amount of important feature in the individual of different users to see if there is a relation to the extent of easily mimic for a user. |
