Vulnerability analysis on the image-based authentication through the PS/2 interface

Abstract

The mouse is one of the most widely used I/O devices on a computer. Most user authentication methods are password-based through the keyboard, but there exists a vulnerability through which passwords are exposed through data input, such as keyloggers. Thus, image-based authentication, which authenticates through data input from a mouse, has been discovered. Image-based authentication method is widely used in various Web sites and Internet banking services. This paper analyzes the vulnerability of image-based authentication, which is based on the input data through the mouse. This paper also analyzes an experiment where passwords are exposed by taking mouse data through the PS/2 controller, and we also implemented the proof-of-concept tool and confirm the result of mouse data exposure in the image-based authentication applied in the Internet banking service.