ABSTRACT
Touch screens are an increasingly common feature on personal computing devices, especially smartphones, where size and user interface advantages accrue from consolidating multiple hardware components (keyboard, number pad, etc.) into a single software-definable user interface. Oily residues, or smudges, on the touch screen surface are one side effect of touches from which frequently used patterns such as a graphical password might be inferred.
In this paper we examine the feasibility of such smudge attacks on touch screens for smartphones, and focus our analysis on the Android password pattern. We first investigate the conditions (e.g., lighting and camera orientation) under which smudges are easily extracted. In the vast majority of settings, partial or complete patterns are easily retrieved. We also emulate usage situations that interfere with pattern identification, and show that pattern smudges continue to be recognizable. Finally, we provide a preliminary analysis of applying the information learned in a smudge attack to guessing an Android password pattern.
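To put the final point in numbers, the following added example (not code from the paper) measures how far the pattern space shrinks once a smudge shows which dots were touched but not their order. It assumes the usual Android pattern rules, which the abstract does not spell out: a 3x3 grid with dots numbered 0-8 row by row, 4 to 9 distinct dots, and a stroke may cross a dot only if that dot was already visited.

```python
from itertools import permutations

# SKIP[(a, b)] = dot lying exactly midway between dots a and b (assumed rule:
# such a stroke is only legal once the midway dot has been visited).
SKIP = {}
for a in range(9):
    for b in range(9):
        ra, ca, rb, cb = a // 3, a % 3, b // 3, b % 3
        if a != b and (ra + rb) % 2 == 0 and (ca + cb) % 2 == 0:
            SKIP[(a, b)] = ((ra + rb) // 2) * 3 + (ca + cb) // 2

def is_valid(seq):
    """True if seq is a legal pattern under the assumed rules."""
    seen = set()
    for prev, cur in zip((None,) + tuple(seq), seq):
        mid = SKIP.get((prev, cur))
        if cur in seen or (mid is not None and mid not in seen):
            return False
        seen.add(cur)
    return 4 <= len(seq) <= 9

def count_by_length():
    """Size of the full pattern space, split by pattern length."""
    counts = {n: 0 for n in range(4, 10)}
    def extend(last, seen):
        if len(seen) >= 4:
            counts[len(seen)] += 1
        for nxt in range(9):
            mid = SKIP.get((last, nxt))
            if nxt not in seen and (mid is None or mid in seen):
                extend(nxt, seen | {nxt})
    for start in range(9):
        extend(start, frozenset([start]))
    return counts

def candidates_for_dots(dots):
    """Legal patterns that touch exactly the given dots, in any order."""
    return [p for p in permutations(sorted(dots)) if is_valid(p)]

if __name__ == "__main__":
    total = sum(count_by_length().values())
    # Constructed sample observations: sets of dots a smudge might reveal.
    for dots in ({0, 1, 3, 4}, {0, 1, 2, 4}, {0, 1, 2, 3, 4, 5}):
        left = len(candidates_for_dots(dots))
        print(f"dots {sorted(dots)}: {left} of {total} patterns remain")
```

The residual count is the figure to compare against a device's failed-attempt limit when deciding whether a pattern lock is adequate for a given threat model.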