A Video-based Attack for Android Pattern Lock

Authors: Guixin Ye, Zhanyong Tang, Dingyi Fang, Xiaojiang Chen, Willy Wolff

DOI: 10.1145/3230740

Abstract: Pattern lock is widely used for identification and authentication on Android devices. This article presents a novel video-based side channel attack that can reconstruct locking patterns from video footage filmed using a smartphone. As a departure from previous attacks on pattern lock, this new attack does not require the camera to capture any content displayed on the screen. Instead, it employs a computer vision algorithm to track the fingertip movement trajectory to infer the pattern. Using the geometry information extracted from the tracked fingertip motions, the method can accurately infer a small number of (often one) candidate patterns to be tested by an attacker. We conduct extensive experiments to evaluate our approach using 120 unique patterns collected from 215 independent users. Experimental results show that the proposed attack can reconstruct over 95% of the patterns in five attempts. We discovered that, in contrast to most people's belief, complex patterns do not offer stronger protection under our attacking scenarios. This is demonstrated by the fact that we are able to break all but one complex pattern (with a 97.5% success rate) as opposed to 60% of the simple patterns in the first attempt. We demonstrate that this video-side channel is a serious concern for not only graphical locking patterns but also PIN-based passwords, as the algorithms and analysis developed for the attack can be easily adapted to target PIN-based passwords. As a countermeasure, we propose to change the way the Android locking pattern is constructed and used. We show that our proposal can successfully defeat this video-based attack. We hope this article can encourage the community to revisit the design and practical use of Android pattern lock.
