Abstract
This paper deals with a well-known problem in the area of smudge attacks: when a user draws a pattern to unlock the pattern lock on a smartphone screen, pattern extraction sometimes becomes difficult owing to the oily residuals around it. The phone screen becomes obscured by these residuals, which significantly lowers the guess rate of the pattern lock. To address this, this paper proposes a novel attack method based on a Convolutional Neural Network (CNN). CNNs are known to exhibit high accuracy in image classification. However, using only CNNs for the attack is not sufficient, because there are 389,112 possible patterns, and training the CNN for all the cases is difficult. We therefore propose two ideas to overcome this problem. The first is the application of 'Screen Segmentation,' where we divide the screen into four segments to reduce the number of possible patterns to 1470 in each segment. The second is the use of pruning rules, which reduce the total number of pattern cases by combining the patterns in each segment. Furthermore, by applying the Android pattern lock constraints, we reduce the number of possible patterns. To validate the proposed idea, we collected 3500 images by photographing the screens of Android smartphones and generated 367,500 images based on their possible combinations. Using those data sets, we conducted an experiment in which we investigated the success rate of our attack in various situations, dealing with different pattern lock lengths and types of prior application usage. The results show that, up to a pattern lock length of seven, the proposed method has, on average, a 79% success rate, which is a meaningful result in smudge attacks. In addition, in an ideal case where only the actual pattern lock is entered, without oily residuals, the proposed scheme achieves even higher performance, i.e., a 93% successful guess rate on average.
Index Terms
- A new smart smudge attack using CNN