In computer systems, user authentication technology is required to identify users who use computers. In modern times, various user authentication technologies, including strong security features based on ownership, such as certificates and security cards, have been introduced. Nevertheless, password-based authentication technology is currently mainly used due to its convenience of use and ease of implementation. However, according to Verizon's "2022 Data Breach Investigations Report", among all security incidents, security incidents caused by password exposures accounted for 82%. Hence, the security of password authentication technology is important. Consequently, this article analyzes prior research on keyboard data attacks and defense techniques to draw the fundamental reasons for keyboard data attacks and derive countermeasures. The first prior research is about stealing keyboard data, an attack that uses machine learning to steal keyboard data to overcome the limitations of a C/D bit attack. The second prior research is an attack technique that steals keyboard data more efficiently by expanding the features of machine learning used in the first prior research. In this article, based on previous research findings, we proposed a keyboard data protection technique using GAN, a Generative Adversarial Network, and verified its feasibility. To summarize the results of performance evaluation with previous research, the machine learning-based keyboard data attack based on the prior research exhibited a 96.7% attack success rate, while the study's proposed method significantly decreased the attack success rate by approximately 13%. Notably, in all experiments, the average decrease in the keyboard data classification performance ranged from a minimum of -29% to a maximum of 52%. When evaluating performance based on maximum performance, all performance indicators were found to decrease by more than 50%.
Keywords: keyboard data; machine learning; password; user authentication.