Zhen Ling,Junzhou Luo,Yaowen Liu,Ming Yang,Kui Wu,Xinwen Fu

DOI: https://doi.org/10.1109/INFOCOM.2018.8485939

2018-01-01

Abstract:Smart mobile devices have become an integral part of people's life and users often input sensitive information on these devices. However, various side channel attacks against mobile devices pose a plethora of serious threats against user security and privacy. To mitigate these attacks, we present a novel secure Rack-of-Device (BoD) input system, SecTap, for mobile devices. To use SecTap, a user tilts her mobile device to move a cursor on the keyboard and tap the back of the device to secretly input data. We design a tap detection method by processing the stream of accelerometer readings to identify the user's taps in real time. The orientation sensor of the mobile device is used to control the direction and the speed of cursor movement. We also propose an obfuscation technique to randomly and effectively accelerate the cursor movement. This technique not only preserves the input performance but also keeps the adversary from inferring the tapped keys. Extensive empirical experiments were conducted on different smart phones to demonstrate the usability and security on both Android and iOS platforms.

Matthew Lakier,Dimcho Karakashev,Yixin Wang,Ian Goldberg

DOI: https://doi.org/10.48550/arXiv.1908.09165

2019-08-25

Abstract:Smartphones store a significant amount of personal and private information, and are playing an increasingly important role in people's lives. It is important for authentication techniques to be more resistant against two known attacks called shoulder surfing and smudge attacks. In this work, we propose a new technique called 3D Pattern. Our 3D Pattern technique takes advantage of a new input paradigm called pre-touch, which could soon allow smartphones to sense a user's finger position at some distance from the screen. We implement the technique and evaluate it in a pilot study (n=6) by comparing it to PIN and pattern locks. Our results show that although our prototype takes about 8 seconds to authenticate, it is immune to smudge attacks and promises to be more resistant to shoulder surfing.

Cryptography and Security,Human-Computer Interaction

Qinggang Yue,Zhen Ling,Xinwen Fu,Benyuan Liu,Kui Ren,Wei Zhao

DOI: https://doi.org/10.1145/2660267.2660288

2014-01-01

Abstract:In this paper, we introduce a novel computer vision based attack that automatically discloses inputs on a touch-enabled device while the attacker cannot see any text or popup in a video of the victim tapping on the touch screen. We carefully analyze the shadow formation around the fingertip, apply the optical flow, deformable part-based model (DPM), k-means clustering and other computer vision techniques to automatically locate the touched points. Planar homography is then applied to map the estimated touched points to a reference image of software keyboard keys. Recognition of passwords is extremely challenging given that no language model can be applied to correct estimated touched keys. Our threat model is that a webcam, smartphone or Google Glass is used for stealthy attack in scenarios such as conferences and similar gathering places. We address both cases of tapping with one finger and tapping with multiple fingers and two hands. Extensive experiments were performed to demonstrate the impact of this attack. The per-character (or per-digit) success rate is over 97% while the success rate of recognizing 4-character passcodes is more than 90%. Our work is the first to automatically and blindly recognize random passwords (or passcodes) typed on the touch screen of mobile devices with a very high success rate.

Kai Wang,Richard Mitev,Chen Yan,Xiaoyu Ji,Ahmad-Reza Sadeghi,Wenyuan Xu

2022-01-01

Abstract:Capacitive touchscreens have become the primary human-machine interface for personal devices such as smartphones and tablets. In this paper, we present GhostTouch, the first active contactless attack against capacitive touchscreens. Ghost Touch uses electromagnetic interference (EMI) to inject fake touch points into a touchscreen without the need to physically touch it. By tuning the parameters of the electromagnetic signal and adjusting the antenna, we can inject two types of basic touch events, taps and swipes, into targeted locations of the touchscreen and control them to manipulate the underlying device. We successfully launch the Ghost Touch attacks on nine smartphone models. We can inject targeted taps continuously with a standard deviation of as low as 14.6 x 19.2 pixels from the target area, a delay of less than 0.5s and a distance of up to 40mm. We show the real-world impact of the Ghost Touch attacks in a few proof-of-concept scenarios, including answering an eavesdropping phone call, pressing the button, swiping up to unlock, and entering a password. Finally, we discuss potential hardware and software countermeasures to mitigate the attack.

Man Zhou,Yuting Zhou,Shuao Su,Qian Wang,Qi Li,Shengshan Hu,Chunwu Yu,Zhengxiong Li

DOI: https://doi.org/10.1109/tmc.2023.3338148

IF: 6.075

2024-01-01

IEEE Transactions on Mobile Computing

Abstract:Pattern lock is widely used for user authentication in mobile devices due to its simplicity and ease of remembering. However, it is vulnerable to various attacks, e.g. , shoulder surfing attacks. In this paper, we propose FingerPattern, a novel enhanced pattern lock authentication system by using friction sound as a second authentication factor. When the user inputs the pattern by swiping his/her fingertip on the screen, the friction sound is generated based on the user's fingerprint and is unique. Thus, FingerPattern can identify and rule out the illegality by utilizing fingerprint-dependent friction sound even if the adversary has inferred the pattern. By this method, FingerPattern secures pattern lock without the need for a change in user unlocking habits. Extensive experiments demonstrate that FingerPattern can identify legitimate users with 97.5% TAR in one attempt and defend against various attacks ( e.g. , only 16.8% FAR in five attempts even if the adversary can clearly spy on the user's unlocking process). FingerPattern can be incorporated into the existing pattern lock of mobile devices, which is cost-free. Furthermore, a user experience study shows that FingerPattern is well-received by users.

Yang Zhang,Peng Xia,Junzhou Luo,Zhen Ling,Benyuan Liu,Xinwen Fu

DOI: https://doi.org/10.1145/2381934.2381947

2012-01-01

Abstract:Oily residues left by tapping fingers on a touch screen may breach user privacy. In this paper, we introduce the fingerprint attack against touch-enabled devices. We dust the touch screen surface to reveal fingerprints, and use an iPhone camera to carefully photograph fingerprints while striving to remove the virtual image of the phone from the fingerprint image. We then sharpen the fingerprints in an image via various image processing techniques and design effective algorithms to automatically map fingerprints to a keypad in order to infer tapped passwords. Extensive experiments were conducted on iPad, iPhone and Android phone and the results show that the fingerprint attack is effective and efficient in inferring passwords from fingerprint images. To the best of our knowledge, we are the first using fingerprint powder on touch screen and inferring passwords from fingerprints. Video at http://www.youtube.com/watch?v=vRUbJIcV9vg shows the dusting process on iPhone and video at http://www.youtube.com/watch?v=6jS6KroER3Y shows the dusting process on iPad. After dusting, password characters for login are clearly disclosed.

Huijie Chen,Fan Li,Wan Du,Song Yang,Matthew Conn,Yu Wang

DOI: https://doi.org/10.1145/3411809

2020-01-01

Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies

Abstract:Inputting a pattern or PIN code on the touch screen is a popular method to prevent unauthorized access to mobile devices. However, these sensitive tokens are highly susceptible to being inferred by various types of side-channel attacks, which can compromise the security of the private data stored in the device. This paper presents a second-factor authentication method, TouchPrint, which relies on the user's hand posture shape traits (dependent on the individual different posture type and unique hand geometry biometrics) when the user inputs PIN or pattern. It is robust against the behavioral variability of inputting a passcode and places no restrictions on input manner (e.g., number of the finger touching the screen, moving speed, or pressure). To capture the spatial characteristic of the user's hand posture shape when input the PIN or pattern, TouchPrint performs active acoustic sensing to scan the user's hand posture when his/her finger remains static at some reference positions on the screen (e.g., turning points for the pattern and the number buttons for the PIN code), and extracts the multipath effect feature from the echo signals reflected by the hand. Then, TouchPrint fuses with the spatial multipath feature-based identification results generated from the multiple reference positions to facilitate a reliable and secure MFA system. We build a prototype on smartphone and then evaluate the performance of TouchPrint comprehensively in a variety of scenarios. The experiment results demonstrate that TouchPrint can effectively defend against the replay attacks and imitate attacks. Moreover, TouchPrint can achieve an authentication accuracy of about 92% with only ten training samples.

Kaishun Wu,Yandao Huang,Wenqiang Chen,Lin Chen,Xinyu Zhang,Lu Wang,Rukhsana Ruby

DOI: https://doi.org/10.1109/tmc.2020.2976007

IF: 6.075

2021-06-01

IEEE Transactions on Mobile Computing

Abstract:Smart wristband has become a dominant device in the wearable ecosystem, providing versatile functions such as fitness tracking, mobile payment, and transport ticketing. However, the small form-factor, low-profile hardware interfaces and computational resources limit their capabilities in security checking. Many wristband devices have recently witnessed alarming vulnerabilities, e.g., personal data leakage and payment fraud, due to the lack of authentication and access control. To fill this gap, we propose a secure text pin input system, namely Taprint, which extends a virtual number pad on the back of a user's hand. Taprint builds on the key observation that the hand "landmarks", especially finger knuckles, bear unique vibration characteristics when being tapped by the user herself. It thus uses the tapping vibrometry as biometrics to authenticate the user, while distinguishing the tapping locations. Taprint reuses the inertial measurement unit in the wristband, "overclocks" its sampling rate with the cubic spline interpolation to extrapolate fine-grained features, and further refines the features to enhance the uniqueness and reliability. Extensive experiments on 128 users demonstrate that Taprint achieves a high accuracy (96 percent) of keystrokes recognition. It can authenticate users, even through a single-tap, at extremely low error rate (2.2 percent), and under various practical usage disturbances.

computer science, information systems,telecommunications

Zhenkun Zhou,Jiangqin Wu

DOI: https://doi.org/10.1145/2512349.2514912

2013-01-01

Abstract:This paper presents Sidelock, a tangible authentication prototype on mobile devices. Grasp events and finger gestures are sensed by twenty capacitive sensors on left and right sides. They were used in a two-phase authentication process, in which grasp pattern wakes up devices and a 1-D template-based gesture recognizer verifies if input matches pre-defined password templates. Compared with other popular authentication approachers like PINs or grid lock, Sidelock has much larger password space and approximate recognition speed, with only 5.3% critical errors. The prototype could be minimized and embedded broadly in many common mobile devices. The user feedback suggests it is an memorable and acceptable authentication method.

M S A Noman Ranak,Saiful Azad,Nur Nadiah Hanim Binti Mohd Nor,Kamal Z Zamli

DOI: https://doi.org/10.1371/journal.pone.0186940

IF: 3.7

2017-10-30

PLoS ONE

Abstract:Due to recent advancements and appealing applications, the purchase rate of smart devices is increasing at a higher rate. Parallely, the security related threats and attacks are also increasing at a greater ratio on these devices. As a result, a considerable number of attacks have been noted in the recent past. To resist these attacks, many password-based authentication schemes are proposed. However, most of these schemes are not screen size independent; whereas, smart devices come in different sizes. Specifically, they are not suitable for miniature smart devices due to the small screen size and/or lack of full sized keyboards. In this paper, we propose a new screen size independent password-based authentication scheme, which also offers an affordable defense against shoulder surfing, brute force, and smudge attacks. In the proposed scheme, the Press Touch (PT)-a.k.a., Force Touch in Apple's MacBook, Apple Watch, ZTE's Axon 7 phone; 3D Touch in iPhone 6 and 7; and so on-is transformed into a new type of code, named Press Touch Code (PTC). We design and implement three variants of it, namely mono-PTC, multi-PTC, and multi-PTC with Grid, on the Android Operating System. An in-lab experiment and a comprehensive survey have been conducted on 105 participants to demonstrate the effectiveness of the proposed scheme.

Yutong Liu,Linghe Kong,Yifeng Cao,Vahan Sarafian,Long Cheng,Guihai Chen

DOI: https://doi.org/10.1109/padsw.2018.8644559

2018-01-01

Abstract:Smart devices (e.g., smartphones or tablets) have become an indispensable part of our daily lives for conducting mobile payment transactions, and storing both corporate and personal sensitive data. As a result, unauthorized access to smart devices can result in a catastrophic security breach. Lock screen provides the first line of defense against unauthorized access to smart devices, where users typically use the PIN, the pattern of drawing, or biometric to unlock their devices. Unfortunately, recent studies have revealed that individual unlocking methods are insufficient to prevent unauthorized access to smart devices. In this paper, we aim to increase the security barrier of smart device unlocking. We present the Cp 3 , a combined unlocking framework to achieve highly secure and usable authentication for commodity smart devices. We address several challenges of combing unlocking methods from different modalities, such as the high reliability and low latency. We implement a prototype of our approach based on the Android platform, which selects the fingerPrint authentication, bluetooth transmission Power authentication and facial Pattern verification as our typical Combination for the secure unlocking. We have made the source code of our implementation public 1 1 https://goo.gl/oUwSfZ, Real-world experiments demonstrate the effectiveness of our solution. CP3 achieves 88 % accuracy and 2.88s operation latency, which guarantees both good user experience and high security level compared with existing methods.

Tao Feng,Xi Zhao,Bogdan Carbunar,Weidong Shi

DOI: https://doi.org/10.1109/trustcom.2013.272

2013-01-01

Abstract:Due to the increasing popularity of mobile technologies, sensitive user information is often stored on mobile devices. However, the essential task of mobile user authentication is rendered more challenging by the conflicting requirements of security and usability: usable solutions are often insecure, while secure solutions hinder device accessibility. In this paper we propose TAP (Typing Authentication and Protection), a virtual key typing based authentication system for mobile devices that takes steps toward addressing this tradeoff. TAP transparently enhance the security of the mobile device in two stage, the login stage and the post-login stage. In the login stage, TAP leverages the biometric information embedded in the typing habit and hand morphology to accomplish secure user identity management with a simple password. While in the post-login stage, TAP transparently monitors the user's virtual key dynamics behavior to continuously authenticate the user. We evaluated three user studies which compare authentication performance under different virtual key typing settings, without pressure and haptics feedback, with pressure information, and with both pressure and haptics feedback. The experiments demonstrated our TAP can maintain both security and usability for the mobile system.

Qinggang Yue,Zhen Ling,Benyuan Liu,Xinwen Fu,Wei Zhao

DOI: https://doi.org/10.48550/arXiv.1403.4829

2014-03-19

Abstract:In this paper, we introduce a novel computer vision based attack that discloses inputs on a touch enabled device, while the attacker cannot see any text or popups from a video of the victim tapping on the touch screen. In the attack, we use the optical flow algorithm to identify touching frames where the finger touches the screen surface. We innovatively use intersections of detected edges of the touch screen to derive the homography matrix mapping the touch screen surface in video frames to a reference image of the virtual keyboard. We analyze the shadow formation around the fingertip and use the k-means clustering algorithm to identify touched points. Homography can then map these touched points to keys of the virtual keyboard. Our work is substantially different from existing work. We target password input and are able to achieve a high success rate. We target scenarios like classrooms, conferences and similar gathering places and use a webcam or smartphone camera. In these scenes, single-lens reflex (SLR) cameras and high-end camcorders used in related work will appear suspicious. To defeat such computer vision based attacks, we design, implement and evaluate the Privacy Enhancing Keyboard (PEK) where a randomized virtual keyboard is used to input sensitive information.

Cryptography and Security

Dai Shi,Dan Tao,Jiangtao Wang,Muyan Yao,Zhibo Wang,Houjin Chen,Sumi Helal

DOI: https://doi.org/10.1145/3448080

2021-01-01

Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies

Abstract:Pattern lock has been widely used in smartphones as a simple and effective authentication mechanism, which however is shown to be vulnerable to various attacks. In this paper, we design a novel authentication system for more secure pattern unlocking on smartphones. The basic idea is to utilize various behavior information of the user during pattern unlocking as additional authentication fingerprints, so that even if the pattern password is leaked to an attacker, the system remains safe and protected. To accommodate a variety of user contexts by our system, a context-aware module is proposed to distinguish any of such contexts (e.g., body postures when drawing the pattern) and use it to guide the authentication. Moreover, we design a polyline weighted strategy with overlapping based on the consistency of pattern lock, which analyzes the behavior information of the user during the unlock process in a fine-grained manner and takes an overall consideration the results of different polylines. Based on 14,850 samples collected from 77 participants, we have extensively evaluated the proposed system. The results demonstrate that it outperforms state-of-the-art implicit authentication based pattern lock approaches, and that each key module in our system is effective.

Jingchao Sun,Rui Zhang,Jinxue Zhang,Yanchao Zhang

DOI: https://doi.org/10.48550/arXiv.1402.1216

2014-02-06

Abstract:Mobile authentication is indispensable for preventing unauthorized access to multi-touch mobile devices. Existing mobile authentication techniques are often cumbersome to use and also vulnerable to shoulder-surfing and smudge attacks. This paper focuses on designing, implementing, and evaluating TouchIn, a two-factor authentication system on multi-touch mobile devices. TouchIn works by letting a user draw on the touchscreen with one or multiple fingers to unlock his mobile device, and the user is authenticated based on the geometric properties of his drawn curves as well as his behavioral and physiological characteristics. TouchIn allows the user to draw on arbitrary regions on the touchscreen without looking at it. This nice sightless feature makes TouchIn very easy to use and also robust to shoulder-surfing and smudge attacks. Comprehensive experiments on Android devices confirm the high security and usability of TouchIn.

Cryptography and Security

Xiangyu Xu,Jiadi Yu,Yingying Chen,Qin Hua,Yanmin Zhu,Yi-Chao Chen,Minglu Li

DOI: https://doi.org/10.1145/3372224.3380901

2020-01-01

Abstract:With increasing private and sensitive data stored in mobile devices, secure and effective mobile-based user authentication schemes are desired. As the most natural way to contact with mobile devices, finger touches have shown potentials for user authentication. Most existing approaches utilize finger touches as behavioral biometrics for identifying individuals, which are vulnerable to spoofer attacks. To resist attacks for on-touch user authentication on mobile devices, this paper exploits physical characters of touching fingers by investigating active vibration signal transmission through fingers, and we find that physical characters of touching fingers present unique patterns on active vibration signals for different individuals. Based on the observation, we propose a behavior-irrelevant on-touch user authentication system, TouchPass, which leverages active vibration signals on smartphones to extract only physical characters of touching fingers for user identification. TouchPass first extracts features that mix physical characters of touching fingers and behavior biometrics of touching behaviors from vibration signals generated and received by smartphones. Then, we design a Siamese network-based architecture with a specific training sample selection strategy to reconstruct the extracted signal features to behavior-irrelevant features and further build a behavior-irrelevant on-touch user authentication scheme leveraging knowledge distillation. Our extensive experiments validate that TouchPass can accurately authenticate users and defend various attacks.

Man Zhou,Qian Wang,Xiu Lin,Yi Zhao,Peipei Jiang,Qi Li,Chao Shen,Cong Wang

DOI: https://doi.org/10.1109/tdsc.2022.3151889

2022-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:PIN authentication is widely used on mobile devices due to its usability and simplicity. However, it is known to be susceptible to shoulder surfing attacks, where an adversary spies the user’s PIN by direct human observation or camera-based recording. This paper proposes PressPIN, a novel enhanced PIN authenticator on mobile devices by sensing pressures from the user’s finger. Since pressure-sensitive touch screens are unavailable on most phones, we leverage the structure-borne propagation of sounds to estimate the pressure on the screen. When the user inputs the PINs, the pressure is extracted from each number to form the $n$ -bit pressure code, where $n$ corresponds to the length of the PIN sequence. The pressure code is difficult to be inferred by snooping or videotaping, and increases the entropy of passwords. In this way, PressPIN provides a low-cost, user-friendly, and more secure solution resistant to shoulder surfing attacks. Our extensive experiments with 30 participants and three types of smartphones demonstrate that PressPIN can authenticate legitimate users with high accuracy (e.g., as high as 96.7% within two trials), and is robust to various types of attacks (e.g., only 2.5% attack success rate even when the adversary can observe the legitimate user’s PIN sequence and finger pressing clearly). Additionally, PressPIN requires no additional hardware (e.g., the pressure sensor) and can be readily integrated into existing authentication systems of mobile devices.

Yuchen Miao,Chaojie Gu,Zhenyu Yan,Sze Yiu Chau,Rui Tan,Qi Lin,Wen Hu,Shibo He,Jiming Chen

DOI: https://doi.org/10.1145/3596264

2023-01-01

Abstract:Secure device pairing is important to wearables. Existing solutions either degrade usability due to the need of specific actions like shaking, or they lack universality due to the need of dedicated hardware like electrocardiogram sensors. This paper proposes TouchKey, a symmetric key generation scheme that exploits the skin electric potential (SEP) induced by powerline electromagnetic radiation. The SEP is ubiquitously accessible indoors with analog-to-digital converters widely available on Internet of Things devices. Our measurements show that the SEP has high randomness and the SEPs measured at two close locations on the same human body are similar. Extensive experiments show that TouchKey achieves a high key generation rate of 345 bit/s and an average success rate of 99.29%. Under a range of adversary models including active and passive attacks, TouchKey shows a low false acceptance rate of 0.86%, which outperforms existing solutions. Besides, the overall execution time and energy usage are 0.44 s and 2.716 mJ, which make it suitable for resource-constrained devices.

Yu Chen,Yiling He

DOI: https://doi.org/10.48550/arXiv.2305.10791

2023-05-18

Cryptography and Security

Abstract:Fingerprint authentication has been widely adopted on smartphones to complement traditional password authentication, making it a tempting target for attackers. The smartphone industry is fully aware of existing threats, and especially for the presentation attack studied by most prior works, the threats are nearly eliminated by liveness detection and attempt limit. In this paper, we study the seemingly impossible fingerprint brute-force attack on off-the-shelf smartphones and propose a generic attack framework. We implement BrutePrint to automate the attack, that acts as a middleman to bypass attempt limit and hijack fingerprint images. Specifically, the bypassing exploits two zero-day vulnerabilities in smartphone fingerprint authentication (SFA) framework, and the hijacking leverages the simplicity of SPI protocol. Moreover, we consider a practical cross-device attack scenario and tackle the liveness and matching problems with neural style transfer (NST). We also propose a method based on neural style transfer to generate valid brute-forcing inputs from arbitrary fingerprint images. A case study shows that we always bypasses liveness detection and attempt limit while 71% spoofs are accepted. We evaluate BrutePrint on 10 representative smartphones from top-5 vendors and 3 typical types of applications involving screen lock, payment, and privacy. As all of them are vulnerable to some extent, fingerprint brute-force attack is validated on on all devices except iPhone, where the shortest time to unlock the smartphone without prior knowledge about the victim is estimated at 40 minutes. Furthermore, we suggest software and hardware mitigation measures.