1. Current Concerns and the Promise of Grip Gestures Phani Soumya Inguva, Urban Jaklin, Krishna Sindhuja Kalusani, Christian Merchant

3.  Android is dominant in smartphone market  “97 percent of all mobile malware is targeting Android”  “eerily similar to the ramp-up with Windows”  Numbers only increasing: “new threats are nearly quadrupling year-over-year.” (between 2012 and 2013 stats) [9]

4.  Android “bloatware” (pre-installed by vendors) can cause approximately 60% of the device’s vulnerability issues [13]  In October 2015, reported that over 95% of Android phones can be hacked with MMS message [4]  User authentication for mobile devices remains a prevalent issue as well

6.  Traditional Multi-factor User Authentication  Something you know (such as a password)  Something you have (such as a smart card)  Something you are (such as a fingerprint or other biometric method)  The problem is… Mobile Users mostly prefer usability to security [2]  To that end, the popularity of smartphones have given rise to the ubiquity of graphical pattern password entry as a valid password

7.  Aviv, et al. have shown that “smudges” can compromise Android 3x3 graphical login security measures.  Contact point restrictions on the Android graphical login framework limit the security pattern sample space to ~389,000 possibilities down from over 1,000,000 with a truly random ordering.  Pattern was partially identifiable in 92%, fully in 68% of the tested lighting and camera setups. Even in sub-optimal entry conditions, the pattern can be partially extracted in 37% of the setups and fully in 14% of them. [3] Credit: PCWorld

8.  Graphical password schemes exhibit low-entropy patterns as a result of biased human behavior  Such behavior opens the user for dictionary attacks.  In 20% of cases, Android graphical passwords are less secure than a three digit assigned PIN number.  The experimentation finds that fewer than 300 patterns could account for about 50% of the experiment survey population. [11]

9.  Graphical patterns are more susceptible to shoulder surfing than text based attacks  Proposed solution, implemented by Ali, et al. [1]  What is wrong with all of these solutions so far in the literature?

10. Credit: zte.com

11. Credit: JapanBullet.com

12. Credit: Mortensen

13. 1.Eyes, grip and gesture together are used to identify user’s intention (consider psyops) [7] 2.Maybe for attendance monitoring in class.

14. 3.Maybe for unlocking home doors. 4.WorldKit system  a user performs a swipe gesture on a table or couch surface and instantiates interactors for controlling devices in the living room. [10]

16.  The idea of using pressure sensors in vehicles has become a much discussed (and patented) idea recently. [5]  Google, has also applied for a patent on a version of this idea [6]  Context has been suggested as applicable to semi-autonomous vehicles Credit: Guttersberg Consulting GmbH

18.  Bluetooth is a radio frequency specification for short range point to point/multipoint voice and data transfer.  Bluetooth provides a universal low cost and user friendly communication but had been facing vulnerabilities.  The vulnerabilities include eavesdropping and impersonation causing Denial of Service (DoS), relay attacks and creation of Backdoors.  Bluetooth needed to sophisticate the security requirements by including techniques like authorisation, authentication & encryption.  Bluetooth command and control channel - No Authentication and Authorisation required. [9] Credit: Lacklustre.net

19.  There is no centralised trusted third party for a wireless network.  User authentication becomes harder  Authentication must go across a network without being cracked. Credit: Dreamstime.com Credit: Lincoln.com

21.  The discussed concept of grip gestures collaborated with the pressure sensors in automobiles is the inspiration to propose our solution.  The proposed solution of grip gestures shouldn’t be mistaken with biometric authentication.  Here we use the pressure one applies while holding the steering wheel.  The sense is used to authenticate the user to connect his phone to the bluetooth in the vehicle.  The steering wheel would have 5 different positions which sense the pressure and used to authenticate the user.  Pressure from one’s hand is distinctive. Bluetooth + User Authentication Grip Gestures on Steering wheel Innovative Solutions Calls for

23.  User authentication is an important aspect relating to bluetooth  Improper usage in cars where the bluetooth is paired with a mobile device could lead to access of one’s personal data  We propose the usage of grip authentication technique in the cars using the car’s steering wheel  Technique is safe, innovative and should satisfy our requirement  i.e, providing trustworthy access to one’s bluetooth data.

24. Credit: abbeycentre.ie

25. Credit: mrmediatraining.com

26. [1] M. Ali, et al., “Protecting mobile users from visual privacy attacks,” In Proceedings of the 2014 ACM International Joint Conference on Pervasive and Ubiquitous Computing: Adjunct Publication(UbiComp '14 Adjunct). ACM, New York, NY, USA, 1-4, 2014 [2] P. Andriotis et al., "A study on usability and security features of the Android pattern lock screen", Information & Computer Security, Vol. 24 Iss 1 pp. 53 - 72, 2016. [3] A. Aviv et al., "Smudge Attacks on Smartphone Touch Screens," in USENIX Workshop on Offensive Technologies, 2010. [4] L. Constantin, “Most Android phones can be hacked with a simple MMS message or multimedia file,” PCWorld, Jul 27, 2015. [5] B. Coxworth. (2015, July 10). Smart steering wheel detects driver drowsiness [Online magazine], Available: http://www.gizmag.com/smart-steering-wheel-driver- drowsiness/38405/http://www.gizmag.com/smart-steering-wheel-driver- drowsiness/38405/ [6] J. Lisseman, “Steering wheel with hand pressure sensing,” U.S. Patent 20110246028 AI, Oct 6, 2011. [7] D. H. Mortensen, “Eyes, grip and gesture as objective indicators of intentions and attention,” in ACM international conference adjnct papers on Ubiquitous computing, New York, NY, 2010, p. 419-420. [8] K. Murao, “Mobile Phone User Authentication with Grip Gestures using Pressure Sensors,” in Proceedings of the 12 th International Conference on Advances in Mobile Computing and Multimedia, New York, NY, 2014. [9] H. Pieterse and M. Olivier, “Bluetooth Command and Control Channel,” Computers & Security 45 (2014), p. 75-83, June 6 2014. [10] D. Reisinger, “Android Security A Glaring Problem: 10 Reasons Why,” Eweek (2014), p. 1., Mar 25, 2014. [11] T. Smirnova, “Grippo: Using Grip Gestures to Repurpose Everyday Objects as Controllers,” M.S. thesis, Comp Sci, Dept., RWTH Aachen University, 2015. [12] S. Uellenbeck et al., "Quantifying the Security of Graphical Passwords: The Case of Android Unlock Patterns," in Proceedings of the 2013 ACM SIGSAC Conference of Computer & Communications Security, New York, NY, 2013. [13] T. R. Weiss, “Android Phones’ Fingerprint Sensors Vulnerable to Hackers,” Eweek (2015), p.1, Aug 9, 2015. [14] L. Wu et al., “The Impact of Vendor Customizations on Android Security” in ACM Conference on Computer and Communications Security, Berlin, Germany, 2013.