{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T00:46:04Z","timestamp":1760143564475,"version":"build-2065373602"},"reference-count":30,"publisher":"MDPI AG","issue":"4","license":[{"start":{"date-parts":[[2024,2,15]],"date-time":"2024-02-15T00:00:00Z","timestamp":1707955200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"National Research Foundation of Korea (NRF)","award":["NRF-2021R1A4A2001810","2021RIS-002","1345370809"],"award-info":[{"award-number":["NRF-2021R1A4A2001810","2021RIS-002","1345370809"]}]},{"name":"National Research Foundation of Korea (NRF)","award":["NRF-2021R1A4A2001810","2021RIS-002","1345370809"],"award-info":[{"award-number":["NRF-2021R1A4A2001810","2021RIS-002","1345370809"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>In computer systems, user authentication technology is required to identify users who use computers. In modern times, various user authentication technologies, including strong security features based on ownership, such as certificates and security cards, have been introduced. Nevertheless, password-based authentication technology is currently mainly used due to its convenience of use and ease of implementation. However, according to Verizon\u2019s \u201c2022 Data Breach Investigations Report\u201d, among all security incidents, security incidents caused by password exposures accounted for 82%. Hence, the security of password authentication technology is important. Consequently, this article analyzes prior research on keyboard data attacks and defense techniques to draw the fundamental reasons for keyboard data attacks and derive countermeasures. The first prior research is about stealing keyboard data, an attack that uses machine learning to steal keyboard data to overcome the limitations of a C\/D bit attack. The second prior research is an attack technique that steals keyboard data more efficiently by expanding the features of machine learning used in the first prior research. In this article, based on previous research findings, we proposed a keyboard data protection technique using GAN, a Generative Adversarial Network, and verified its feasibility. To summarize the results of performance evaluation with previous research, the machine learning-based keyboard data attack based on the prior research exhibited a 96.7% attack success rate, while the study\u2019s proposed method significantly decreased the attack success rate by approximately 13%. Notably, in all experiments, the average decrease in the keyboard data classification performance ranged from a minimum of \u221229% to a maximum of 52%. When evaluating performance based on maximum performance, all performance indicators were found to decrease by more than 50%.<\/jats:p>","DOI":"10.3390\/s24041229","type":"journal-article","created":{"date-parts":[[2024,2,15]],"date-time":"2024-02-15T05:55:59Z","timestamp":1707976559000},"page":"1229","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Keyboard Data Protection Technique Using GAN in Password-Based User Authentication: Based on C\/D Bit Vulnerability"],"prefix":"10.3390","volume":"24","author":[{"given":"Jaehyuk","family":"Lee","sequence":"first","affiliation":[{"name":"Process Development Team, Fescaro, Suwon 16512, Republic of Korea"}]},{"given":"Wonbin","family":"Jeong","sequence":"additional","affiliation":[{"name":"Department of Information Security Engineering, Mokpo National University, Muan 58554, Republic of Korea"}]},{"given":"Kyungroul","family":"Lee","sequence":"additional","affiliation":[{"name":"Department of Information Security Engineering, Mokpo National University, Muan 58554, Republic of Korea"}]}],"member":"1968","published-online":{"date-parts":[[2024,2,15]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Conklin, A., Dietrich, G., and Walz, D. (2004, January 5\u20138). Password-based authentication: A system perspective. Proceedings of the IEEE 37th Annual Hawaii International Conference on System Sciences, Big Island, HI, USA.","DOI":"10.1109\/HICSS.2004.1265412"},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"112505","DOI":"10.1109\/ACCESS.2019.2932400","article-title":"Recent Trends in User Authentication\u2014A Survey","volume":"8","author":"Shah","year":"2019","journal-title":"IEEE Access"},{"key":"ref_3","unstructured":"Ur, B., Kelley, P.G., Komanduri, S., Lee, J., Maass, M., Mazurek, M.L., Passaro, T., Shay, R., Vidas, T., and Bauer, L. (2012, January 8\u201310). How Does Your Password Measure Up? The Effect of Strength Meters on Password Creation. Proceedings of the 21st USENIX Security Symposium (USENIX Security 12), Bellevue, WA, USA."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"5452870","DOI":"10.1155\/2019\/5452870","article-title":"Authentication and Authorization for Mobile IoT Devices Using Biofeatures: Recent Advances and Future Trends","volume":"2019","author":"Ferrag","year":"2019","journal-title":"Secur. Commun. Netw."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"78","DOI":"10.1145\/2699390","article-title":"Passwords and the Evolution of Imperfect Authentication","volume":"58","author":"Bonneau","year":"2015","journal-title":"Commun. ACM"},{"key":"ref_6","unstructured":"Dule, C.S., Rajasekharaiah, K.M., and Prashanth, B. (2020). IOP Conference Series: Materials Science and Engineering, IOP Publishing."},{"key":"ref_7","first-page":"2","article-title":"Hardware Approach to Solving Password Exposure Problem Through Keyboard Sniff","volume":"1","author":"Lee","year":"2009","journal-title":"Interfaces"},{"key":"ref_8","unstructured":"Kim, H., Huh, J., and Anderson, R. (2023, November 15). On the Security of Internet Banking in South Korea. Available online: https:\/\/ora.ox.ac.uk\/objects\/uuid:e3cf724a-ab9a-4f5a-87d0-b028e58fac7a."},{"key":"ref_9","unstructured":"Lee, S., Lee, K., and Yim, K. (2017). Advances on Broad-Band Wireless Computing, Communication and Applications: Proceedings of the 11th International Conference On Broad-Band Wireless Computing, Communication and Applications (BWCCA\u20132016), Asan, Republic of Korea; 5\u20137 November 2016, Springer International Publishing."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Yim, K. (2010, January 15\u201318). A New Noise Mingling Approach to Protect the Authentication Password. Proceedings of the 2010 International Conference on Complex, Intelligent and Software Intensive Systems, Krakow, Poland.","DOI":"10.1109\/CISIS.2010.185"},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"53","DOI":"10.1109\/MSP.2017.2765202","article-title":"Generative Adversarial Networks: An Overview","volume":"35","author":"Creswell","year":"2018","journal-title":"IEEE Signal Process. Mag."},{"key":"ref_12","unstructured":"Chapweske, A. (2023, November 15). The PS\/2 Keyboard Interface. Available online: https:\/\/users.utcluj.ro\/~baruch\/sie\/labor\/PS2\/PS-2_Keyboard_Interface.htm."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Lee, K., and Yim, K. (2023). Vulnerability Analysis and Security Assessment of Secure Keyboard Software to Prevent PS\/2 Interface Keyboard Sniffing. Sensors, 23.","DOI":"10.3390\/s23073501"},{"key":"ref_14","unstructured":"Hamblen, J.O., and Furman, M.D. (2001). Rapid Prototyping of Digital Systems: A Tutorial Approach, Springer."},{"key":"ref_15","first-page":"3","article-title":"When Poll is Better Than Interrupt","volume":"12","author":"Yang","year":"2012","journal-title":"FAST"},{"key":"ref_16","unstructured":"Swindle, J. (1995). ISA System Architecture, Addison-Wesley Professional. [3rd ed.]."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"2038","DOI":"10.1016\/j.patcog.2006.12.019","article-title":"ML-KNN: A Lazy Learning Approach to Multi-label Learning","volume":"40","author":"Zhang","year":"2007","journal-title":"Pattern Recognit."},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Lee, K., and Yim, K. (2020). Cybersecurity Threats Based on Machine Learning-Based Offensive Technique for Password Authentication. Appl. Sci., 10.","DOI":"10.3390\/app10041286"},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"10925","DOI":"10.1109\/ACCESS.2021.3050239","article-title":"Offensive Security of Keyboard Data Using Machine Learning for Password Authentication in IoT","volume":"9","author":"Lee","year":"2021","journal-title":"IEEE Access"},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"211","DOI":"10.1007\/s10994-009-5127-5","article-title":"Combining Instance-Based Learning and Logistic Regression for Multilabel Classification","volume":"76","author":"Cheng","year":"2009","journal-title":"Mach. Learn."},{"key":"ref_21","unstructured":"Sinclair, C., Pierce, L., and Matzner, S. (1999, January 6\u201310). An Application of Machine Learning to Network Intrusion Detection. Proceedings of 15th Annual Computer Security Applications Conference (ACSAC\u201999), Phoenix, AZ, USA."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"21954","DOI":"10.1109\/ACCESS.2017.2762418","article-title":"A Deep Learning Approach for Intrusion Detection Using Recurrent Neural Networks","volume":"5","author":"Yin","year":"2017","journal-title":"IEEE Access"},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"173","DOI":"10.1109\/TPAMI.2007.250609","article-title":"A Comparison of Decision Tree Ensemble Creation Techniques","volume":"29","author":"Banfield","year":"2006","journal-title":"IEEE Trans. Pattern Anal. Mach. Intell."},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"1565","DOI":"10.1038\/nbt1206-1565","article-title":"What is a Support Vector Machine?","volume":"24","author":"Noble","year":"2006","journal-title":"Nat. Biotechnol."},{"key":"ref_25","unstructured":"Mirza, M., and Osindero, S. (2014). Conditional Generative Adversarial Nets. arXiv."},{"key":"ref_26","first-page":"10","article-title":"Ctgan vs Tgan? Which One is More Suitable for Generating Synthetic EEG Data","volume":"99","author":"Lee","year":"2021","journal-title":"J. Theor. Appl. Inf. Technol."},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Shmelkov, K., Schmid, C., and Alahari, K. How Good is My GAN? In Proceedings of the European Conference on Computer Vision (ECCV), Munich, Germany, 8\u201314 September 2018.","DOI":"10.1007\/978-3-030-01216-8_14"},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"103329","DOI":"10.1016\/j.cviu.2021.103329","article-title":"Pros and Cons of GAN Evaluation Measures: New Developments","volume":"215","author":"Borji","year":"2022","journal-title":"Comput. Vis. Image Underst."},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Berger, V.W., and Zhou, Y.Y. (2014). Kolmogorov\u2013Smirnov Test: Overview. Wiley StatsRef Stat. Ref. Online.","DOI":"10.1002\/9781118445112.stat06558"},{"key":"ref_30","unstructured":"Nowozin, S., Cseke, B., and Tomioka, R. (2016). Advances in Neural Information Processing Systems 29 (NIPS), Cornell University."}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/24\/4\/1229\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T14:00:01Z","timestamp":1760104801000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/24\/4\/1229"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,2,15]]},"references-count":30,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2024,2]]}},"alternative-id":["s24041229"],"URL":"https:\/\/doi.org\/10.3390\/s24041229","relation":{},"ISSN":["1424-8220"],"issn-type":[{"type":"electronic","value":"1424-8220"}],"subject":[],"published":{"date-parts":[[2024,2,15]]}}}