Presented by: Tom Staley. About Paper by Emiliano Miluzzo Alexander Varshavsky Suhrid Balakrishnan Romit Roy Choudhury Originally presented at MobiSys2012,

Presentation transcript:

Presented by: Tom Staley

About
- Paper by Emiliano Miluzzo, Alexander Varshavsky, Suhrid Balakrishnan, Romit Roy Choudhury
- Originally presented at MobiSys 2012, June 27, 2012

Introduction
- Determining location of screen taps using accelerometer and gyroscopes
- Could lead to attackers using this info to track inputs
- “TapPrints- a framework for inferring location of taps on mobile devices”

Current State of Sensors
- Mobile sensors becoming more powerful
- Many types of data: patient monitoring, localization, context-awareness, etc.
- Rumored that insurance companies are trying to use dietary patterns to determine cost and coverage of policies

Using Gyroscopes

TapPrints
- Implemented on Google Nexus S, Apple iPhone 4, Samsung Galaxy Tab 10.1
- Over 40,000 taps collected from 10 users over 4 weeks
- 80-90% accuracy, enough to guess a password

How Data Could be Used
- Attackers can improve odds by:
  - Applying a spellchecker to guess unknown words
  - Narrowing search to addresses in contact list if the application is running
- Data can be protected by:
  - Using a rubber case to absorb motions
  - Switching to swiping-based keyboards

Is this a Threat?
- Attacks could be disguised as any app available on the market
- Only sensor that requires permission is location
- Accelerometer and gyroscope largely ignored due to gaming

How to Differentiate Taps

Recognizing Taps
- TapPrints has to be trained to recognize taps
- Different methods:
  - k-Nearest Neighbor
  - Multinomial Logistic Regression
  - Support Vector Machines
  - Random Forests
  - Bagged Decision Trees
- Combine all methods at end to get best results

Collecting Data
- Used four methods:
  - Icon Taps
  - Sequential Letters
  - Pangrams
  - Repeated Pangrams

Icon Taps
- Averages:
  - iPhone: 78.7%
  - Nexus: 67.1%
- Random guess is only 5%

Repetitions
- Stabilizes at 20 taps/icon
- 70% accuracy reached at 12 taps
- Attackers could disguise as a game
- Could also pre-train to recognize other users’ taps

Letter Tapping
- Harder than icon taps because letters are smaller and have less separation
- Average prediction is 65.11% after training using pangrams
- Random guess is only 3.8%

Letter Confusion
- Mostly limited to surrounding letters
- Could be used in a dictionary search to guess words
- Some letters better than others, e.g. E vs. W

Example of Pangram

Sequential Letters

Letter Repetition
- More repetitions required because of smaller areas
- 150 taps to reach 50%

Sensor Efficacy

Possible Solutions
- Pause sensors when typing
- Agreements with developers to hold them accountable
- Have users grant permission to use sensors
- Rubber cases to absorb motion
- Swiping-based keyboards
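A sketch of how the "pause sensors when typing" and "have users grant permission" mitigations could be combined in a platform-side sensor broker. This is an added example, not code from the paper or the presentation; the event model, package names, and the 250 ms guard margin are assumptions made for illustration.

```python
from dataclasses import dataclass

MOTION_SENSORS = {"accelerometer", "gyroscope"}
GUARD_MS = 250  # assumed margin so taps at the edge of a typing session stay covered


@dataclass(frozen=True)
class SensorEvent:
    t_ms: int    # timestamp in milliseconds
    sensor: str  # e.g. "accelerometer", "gyroscope", "light"
    app: str     # package name of the receiving app


def typing_windows(keyboard_intervals, guard_ms=GUARD_MS):
    """Widen each keyboard-visible interval by the guard margin and merge overlaps."""
    merged = []
    for start, end in sorted((max(0, s - guard_ms), e + guard_ms)
                             for s, e in keyboard_intervals):
        if merged and start <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def gate(events, keyboard_intervals, granted_apps):
    """Split events into (delivered, suppressed) under both policies."""
    windows = typing_windows(keyboard_intervals)
    delivered, suppressed = [], []
    for ev in events:
        is_motion = ev.sensor in MOTION_SENSORS
        typing = any(s <= ev.t_ms <= e for s, e in windows)
        # Motion data needs a user grant and is paused for every app while typing.
        blocked = is_motion and (ev.app not in granted_apps or typing)
        (suppressed if blocked else delivered).append(ev)
    return delivered, suppressed


# Constructed sample: keyboard shown twice, one granted app, one without a grant.
KEYBOARD = [(1000, 3000), (3200, 4000)]
GRANTED = {"com.example.game"}
EVENTS = [
    SensorEvent(500, "accelerometer", "com.example.game"),
    SensorEvent(500, "gyroscope", "com.example.wallpaper"),
    SensorEvent(900, "gyroscope", "com.example.game"),
    SensorEvent(2000, "accelerometer", "com.example.game"),
    SensorEvent(2000, "light", "com.example.wallpaper"),
    SensorEvent(4300, "accelerometer", "com.example.game"),
]
DELIVERED, SUPPRESSED = gate(EVENTS, KEYBOARD, GRANTED)
```

The game keeps its motion data outside typing sessions, which addresses the gaming use case the slides give as the reason these sensors are left unrestricted.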

Conclusion
- Attackers can use software to track user input
- TapPrints is just an early implementation
- In future, software will be much more powerful

Bibliography
- Miluzzo, Emiliano, Alexander Varshavsky, Suhrid Balakrishnan, and Romit Roy Choudhury. "Tapprints: Your Finger Taps Have Fingerprints." MobiSys '12 Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services. MobiSys 2012, United Kingdom, Low Wood Bay, Lake District. New York: ACM, Print.