Current Concerns and the Promise of Grip Gestures

Phani Soumya Inguva, Urban Jaklin, Krishna Sindhuja Kalusani, Christian Merchant


- Android is dominant in the smartphone market
- “97 percent of all mobile malware is targeting Android”
- “eerily similar to the ramp-up with Windows”
- Numbers only increasing: “new threats are nearly quadrupling year-over-year.” (between 2012 and 2013 stats) [9]

- Android “bloatware” (pre-installed by vendors) can cause approximately 60% of the device’s vulnerability issues [13]
- In October 2015, it was reported that over 95% of Android phones can be hacked with an MMS message [4]
- User authentication for mobile devices remains a prevalent issue as well

- Traditional Multi-factor User Authentication
  - Something you know (such as a password)
  - Something you have (such as a smart card)
  - Something you are (such as a fingerprint or other biometric method)
- The problem is… mobile users mostly prefer usability to security [2]
- To that end, the popularity of smartphones has given rise to the ubiquity of graphical pattern password entry as a valid password

- Aviv et al. have shown that “smudges” can compromise Android 3x3 graphical login security measures.
- Contact point restrictions on the Android graphical login framework limit the security pattern sample space to ~389,000 possibilities, down from over 1,000,000 with a truly random ordering.
- The pattern was partially identifiable in 92%, and fully identifiable in 68%, of the tested lighting and camera setups. Even in sub-optimal entry conditions, the pattern can be partially extracted in 37% of the setups and fully in 14% of them. [3]

Credit: PCWorld

- Graphical password schemes exhibit low-entropy patterns as a result of biased human behavior
- Such behavior opens the user to dictionary attacks.
- In 20% of cases, Android graphical passwords are less secure than a three-digit assigned PIN.
- The experiment finds that fewer than 300 patterns could account for about 50% of the experiment survey population. [11]

- Graphical patterns are more susceptible to shoulder surfing than text-based attacks
- Proposed solution, implemented by Ali et al. [1]
- What is wrong with all of these solutions so far in the literature?

Credit: zte.com

Credit: JapanBullet.com

Credit: Mortensen

1. Eyes, grip and gesture together are used to identify user’s intention (consider psyops) [7]
2. Maybe for attendance monitoring in class.

3. Maybe for unlocking home doors.
4. WorldKit system: a user performs a swipe gesture on a table or couch surface and instantiates interactors for controlling devices in the living room. [10]

- Using pressure sensors in vehicles has recently become a much-discussed (and patented) idea. [5]
- Google has also applied for a patent on a version of this idea [6]
- Context has been suggested as applicable to semi-autonomous vehicles

Credit: Guttersberg Consulting GmbH

- Bluetooth is a radio frequency specification for short-range point-to-point/multipoint voice and data transfer.
- Bluetooth provides universal, low-cost and user-friendly communication but has faced vulnerabilities.
- The vulnerabilities include eavesdropping and impersonation causing Denial of Service (DoS), relay attacks and creation of backdoors.
- Bluetooth needed to strengthen its security requirements by including techniques like authorisation, authentication and encryption.
- Bluetooth command and control channel: no authentication and authorisation required. [9]

Credit: Lacklustre.net

- There is no centralised trusted third party for a wireless network.
- User authentication becomes harder
- Authentication must go across a network without being cracked.

Credit: Dreamstime.com
Credit: Lincoln.com

- The discussed concept of grip gestures, combined with the pressure sensors in automobiles, is the inspiration for our proposed solution.
- The proposed solution of grip gestures shouldn’t be mistaken for biometric authentication.
- Here we use the pressure one applies while holding the steering wheel.
- The sensed pressure is used to authenticate the user to connect his phone to the Bluetooth in the vehicle.
- The steering wheel would have 5 different positions that sense the pressure and are used to authenticate the user.
- Pressure from one’s hand is distinctive.

[Diagram labels: Bluetooth + User Authentication; Grip Gestures on Steering wheel; Innovative Solutions; Calls for]

- User authentication is an important aspect relating to Bluetooth
- Improper usage in cars where the Bluetooth is paired with a mobile device could lead to access to one’s personal data
- We propose the usage of a grip authentication technique in cars using the car’s steering wheel
- The technique is safe, innovative and should satisfy our requirement, i.e., providing trustworthy access to one’s Bluetooth data.

Credit: abbeycentre.ie

Credit: mrmediatraining.com

[1] M. Ali, et al., “Protecting mobile users from visual privacy attacks,” In Proceedings of the 2014 ACM International Joint Conference on Pervasive and Ubiquitous Computing: Adjunct Publication (UbiComp '14 Adjunct). ACM, New York, NY, USA, 1-4, 2014
[2] P. Andriotis et al., "A study on usability and security features of the Android pattern lock screen", Information & Computer Security, Vol. 24 Iss 1 pp ,
[3] A. Aviv et al., "Smudge Attacks on Smartphone Touch Screens," in USENIX Workshop on Offensive Technologies,
[4] L. Constantin, “Most Android phones can be hacked with a simple MMS message or multimedia file,” PCWorld, Jul 27,
[5] B. Coxworth. (2015, July 10). Smart steering wheel detects driver drowsiness [Online magazine], Available: drowsiness/38405/
[6] J. Lisseman, “Steering wheel with hand pressure sensing,” U.S. Patent AI, Oct 6,
[7] D. H. Mortensen, “Eyes, grip and gesture as objective indicators of intentions and attention,” in ACM international conference adjunct papers on Ubiquitous computing, New York, NY, 2010, p
[8] K. Murao, “Mobile Phone User Authentication with Grip Gestures using Pressure Sensors,” in Proceedings of the 12th International Conference on Advances in Mobile Computing and Multimedia, New York, NY,
[9] H. Pieterse and M. Olivier, “Bluetooth Command and Control Channel,” Computers & Security 45 (2014), p , June
[10] D. Reisinger, “Android Security A Glaring Problem: 10 Reasons Why,” Eweek (2014), p. 1., Mar 25,
[11] T. Smirnova, “Grippo: Using Grip Gestures to Repurpose Everyday Objects as Controllers,” M.S. thesis, Comp Sci, Dept., RWTH Aachen University,
[12] S. Uellenbeck et al., "Quantifying the Security of Graphical Passwords: The Case of Android Unlock Patterns," in Proceedings of the 2013 ACM SIGSAC Conference of Computer & Communications Security, New York, NY,
[13] T. R. Weiss, “Android Phones’ Fingerprint Sensors Vulnerable to Hackers,” Eweek (2015), p.1, Aug 9,
[14] L. Wu et al., “The Impact of Vendor Customizations on Android Security” in ACM Conference on Computer and Communications Security, Berlin, Germany, 2013.