Stay Cool! Understanding Thermal Attacks on Mobile-based User Authentication

Cited by: 71
Authors
Abdelrahman, Yomna [1]
Khamis, Mohamed [2]
Schneegass, Stefan [1]
Alt, Florian [2]
Affiliations
[1] Univ Stuttgart, HCI Grp, Stuttgart, Germany
[2] Ludwig Maximilians Univ Munchen, Ubiquitous Interact Syst Grp, Munich, Germany
Source
PROCEEDINGS OF THE 2017 ACM SIGCHI CONFERENCE ON HUMAN FACTORS IN COMPUTING SYSTEMS (CHI'17) | 2017
Funding
European Research Council
Keywords
Thermal Imaging; Mobile Authentication; TouchScreens
DOI
10.1145/3025453.3025461
Chinese Library Classification
TP3 [Computing technology, computer technology]
Discipline classification code
0812
Abstract
PINs and patterns remain among the most widely used knowledge-based authentication schemes. As thermal cameras become ubiquitous and affordable, we foresee a new form of threat to user privacy on mobile devices. Thermal cameras allow performing thermal attacks, where heat traces, resulting from authentication, can be used to reconstruct passwords. In this work we investigate in detail the viability of exploiting thermal imaging to infer PINs and patterns on mobile devices. We present a study (N = 18) where we evaluated how properties of PINs and patterns influence their resistance to thermal attacks. We found that thermal attacks are indeed viable on mobile devices; overlapping patterns significantly decrease the successful thermal attack rate from 100% to 16.67%, while PINs remain vulnerable (>72% success rate) even with duplicate digits. We conclude with recommendations for users and designers of authentication schemes on how to resist thermal attacks.
Pages: 3751 / 3763
Number of pages: 13