randompad usability of randomized mobile keypads for
play

RandomPad: Usability of Randomized Mobile Keypads for Defeating - PowerPoint PPT Presentation

Nov 09, 2023 •11 likes •361 views

RandomPad: Usability of Randomized Mobile Keypads for Defeating Inference Attacks Saturday 29th April, 2017. IMPS 2017, Paris, France. Anindya Maiti , Kirsten Crager , Murtuza Jadliwala , Jibo He , Kevin Kwiat and Charles

  1. RandomPad: Usability of Randomized Mobile Keypads for Defeating Inference Attacks Saturday 29th April, 2017. IMPS 2017, Paris, France. Anindya Maiti † , Kirsten Crager † , Murtuza Jadliwala † , Jibo He † , Kevin Kwiat ⋄ and Charles Kamhoua ⋄ † Wichita State University, Wichita, KS, USA ⋄ Air Force Research Laboratory, Rome, NY, US

  2. Table of Contents 1. Introduction 2. Randomization Strategies 3. Human Factors 4. Study 5. Evaluation 6. Discussions and Conclusion 2

  3. Introduction

  4. Side-Channel Inference Attacks on Mobile Device Keypads Indirect observation techniques used by ‘attackers’ to obtain victim’s personal information (such as passwords, credit card details, SSN/NIR, etc.) from their typing actions. 4

  5. Types of Keystroke Inference Attacks 1/2 Based on time delays between audio feedback of keystrokes [8]. Sun et al. [29] used video recordings of the backside of a tablet to infer typed keystrokes. Simon et al. [24] used microphone to detect touch events, while the camera is used to estimate the smartphone’s orientation, and correlate it to the position of the digit tapped by user. Zhang et al. [33] analyzed finger smudges left on the touch screen surface to infer touch patterns, with remarkable success. 5

  6. Types of Keystroke Inference Attacks 2/2 Motion sensor-based attacks on mobile keypads: • On-Device: Cai et al. [4] and Owusu et al. [18] used accelerometer and gyroscope for keystroke inference. • Off-Device: Maiti et al. [17] used user’s smartwatch motion sensors for keystroke inference. 6

  7. How to Protect Smartphone Keystroke Privacy? Interestingly, all these attacks share one common assumption: the numeric keypad employed by the target user has a standardized key layout known to the adversary . Solution: Randomizing the keyboard layout from the default to something different. 7

  8. Randomization Strategies

  9. Randomization Strategies We propose five representative strategies spanning from purely-random to partially-random keypad layouts. The latter preserves some characteristics of the default layout, to achieve a favorable security-usability trade-off. For stronger security, keypad randomization can be performed either at the beginning of every keystroke or at the beginning of each typing session. 9

  10. Randomization Strategies - Sequence Randomization (a) (b) (c) Figure 1: Examples of (a) Row Randomization (RR), (b) Column Randomization (CR), and (c) Individual Key Randomization (IKR) 10

  11. Randomization Strategies - Size and Location Randomization (a) (b) (c) Figure 2: Examples of (a) Key Size Randomization (KSR) and (b) Key Location Randomization (KLR), and (c) The hidden 7 × 6 grid layout used in KSR and KLR. 11

  12. Security Analysis of the Randomization Strategies Table 1: Security assurance of the five proposed randomization strategies. Lower rank is better security. Randomization Correct Entire Keypad Security Strategy Guessing Probability Assurance Rank 12! = 2 . 08 × 10 − 9 1 IKR 1 1 RR 4! = 0 . 04167 2 1 KLR 16 = 0 . 0625 3 1 KSR 12 = 0 . 08333 4 1 CR 3! = 0 . 16667 5 12

  13. Human Factors

  14. Design Principles Against Side-Channel Attacks Cai et al. [5] pointed out the following desirable properties in any defense solution: • Security: solution must protect against side-channel attacks, • Usability: ideally, solution should require no extra effort from users and if extra effort is unavoidable, it should not disrupt the users’ work flow, • Backward and Forward Compatibility: no or minimal modification to existing applications and operating systems, • Performance: no or minimal overhead, and • Versatility: should be deployable on various types of mobile hardware, software, and user interfaces. 14

  15. Evaluation Goals Time required for completing a typing task and the number of errors made during the task, while using RandomPad. User-provided subjective workload and usability measures using NASA-TLX [10] and SUS [3]. Effect of additional visual cues in form of contrasting shades of gray [13][30] to represent each of the keys. 15

  16. Study

  17. Study - Participants Table 2: Demographics and preferences of 100 participants. 56% Female Gender 44% Male 33% Employed Occupation 67% Student Smartphone 26% Less than 5 Years Ownership Duration 74% More than 5 Years 59% iOS (iPhone) Current Smartphone 41% Android Willingness to Use 22% In Favor Random Keypad 78% Not in Favor (Before Study) 17

  18. Study - Task Dictated Typing • Visually and acoustically dictated sequences of pseudo-random single digit numbers. • Repeated for default, randomized and gray-scale keypads. Natural Typing • Participants were instructed to type information already known to them such as zip code (5 digits), phone number without area code (7 digits), birth date (8 digits), etc. • Repeated for default, randomized and gray-scale keypads. 18

  19. Evaluation

  20. Results - Typing Speed 1100.0 1100.0 1000.0 1000.0 AVERAGE TYPING TIME (MS) AVERAGE TYPING TIME (MS) 900.0 900.0 800.0 800.0 700.0 700.0 600.0 600.0 500.0 500.0 CR IKR KLR KSR RR CR IKR KLR KSR RR RANDOMIZATION TYPE RANDOMIZATION TYPE Default Randomized Gray-scale Default Randomized Gray-scale Randomized keypads do increase task completion times, by approximately 21% for dictated and 16% for natural typing. CR < KLR < RR < IKR < KSR 20

  21. Results - Typing Accuracy 100.0 100.0 99.0 99.0 98.0 98.0 97.0 97.0 ACCURACY (%) ACCURACY (%) 96.0 96.0 95.0 95.0 94.0 94.0 93.0 93.0 92.0 92.0 91.0 91.0 90.0 90.0 CR IKR KLR KSR RR CR IKR KLR KSR RR RANDOMIZATION TYPE RANDOMIZATION TYPE Default Randomized Gray-scale Default Randomized Gray-scale It may be concluded that the task completion time was traded-off for higher accuracy by the participants. 21

  22. Results - Learning Curve In order to analyze if the typing performance (speed and accuracy) improves with more usage of the randomized keypad, we compare the average per key typing time for the first and last ten numbers typed with RandomPad, in the natural typing session. The overall mean drop in per key typing time is recorded as − 163 . 09 ms, with p < 0 . 001. However, we did not observe any significant improvement in accuracy. 22

  23. Results - Perceived Workload 60.0 50.0 NASA-TLX SCORE 40.0 30.0 20.0 10.0 0.0 CR IKR KLR KSR RR RANDOMIZATION TYPE Default Randomized Gray-scale KLR is reported to take the least effort compared to the other four randomization strategies on the NASA-TLX. KLR < CR < IKR < KSR < RR 23

  24. Results - Perceived Usability 100.0 90.0 80.0 70.0 SUS SCORE 60.0 50.0 40.0 30.0 20.0 10.0 0.0 CR IKR KLR KSR RR RANDOMIZATION TYPE Default Randomized Gray-scale KLR is again reported to be the most usable compared to the other four randomization strategies on the SUS. KLR > CR > IKR > KSR > RR 24

  25. Results - Gray-Scale On the NASA-TLX and SUS scores, there are no significant differences between the randomized keypads without gray-scale shading versus randomized keypads with gray-scale shading Thus, contrasting gray-scale shades on the keypad does not lower the perceived workload or improve the perceived usability of RandomPad. However, gray-scale keypads could be potentially improved by adjusting and optimizing this contrast between the different shades [34]. 25

  26. Results - Are Users Going to Use it? In the initial pre-survey recorded before the participants were introduced to side-channel keystroke inference attacks, only 22% of the participants reported that they would be willing to use a randomized version of the keypad. After completing the experimental trials, as many as 80% of the participants reported in the post-survey that they would be willing to use a randomized keypad in order to protect their privacy. 26

  27. Discussions and Conclusion

  28. Privacy-Usability Trade-Off 1/2 Table 3: Usability rankings of the five randomization strategies calculated using average typing speed, workload (lower better) and perceived usability (higher better). Lower least rank is better usability. Randomi- Typing Perceived Summed Workload zation Speed Usability Usability Rank Rank Strategy Rank Rank (Least Rank) KLR 2 1 1 4 (1) CR 1 2 2 5 (2) IKR 4 3 3 10 (3) KSR 5 4 4 13 (4) RR 3 5 5 13 (4) 28

  29. Privacy-Usability Trade-Off 2/2 Comparing Table 1 (Security Analysis) and 3 (Usability Analysis), we see that KLR ranks relatively highest on both (3 + 1 = 4) tied with IKR (1 + 3 = 4), followed by RR (2 + 4 = 6), CR (5 + 2 = 7), and KSR (4 + 4 = 8), respectively. In other words, KLR and IKR provides the best balance between security and usability, while KSR provides the least. 29

  30. Future Work Prevent visual channel attacks using randomized augmented reality keyboards (PerCom’17 Workshop). Publicly available RandomPad plug-in for Android smartphones. 30

  31. Conclusion We proposed the use of randomized keypads for typing sensitive information on mobile device keypads. Increased task completion time. Perceived to be less usable and more work. However, the learning curve associated with randomized keypads can improve user performance and usability with prolonged use. Interestingly, even with the degraded usability of randomized keypads, participants were willing to use it for improved privacy. 31

  32. Appendix

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Usability and Small Screens SWEN-444 iPhone Android Windows Phone 8 The phrase mobile

Usability and Small Screens SWEN-444 iPhone Android Windows Phone 8 The phrase mobile

Usability and Small Screens SWEN-444 iPhone Android Windows Phone 8 The phrase mobile usability is pretty much an oxymoron. It's neither easy nor pleasant to use the Web on mobile devices. designing for mobile is hard

337 views • 14 slides
New Techniques for Usability Evaluation of Mobile Systems Jesper Kjeldskov &amp; Jan Stage

New Techniques for Usability Evaluation of Mobile Systems Jesper Kjeldskov &amp; Jan Stage

New Techniques for Usability Evaluation of Mobile Systems Jesper Kjeldskov &amp; Jan Stage Department of Computer Science Aalborg University Denmark Background Mobile technologies and systems PDAs, wearables, mobile phones, tablet

537 views • 17 slides
Usability and Accessibility CS 4720 Web &amp; Mobile

Usability and Accessibility CS 4720 Web &amp; Mobile

Usability and Accessibility CS 4720 Web &amp; Mobile Systems CS 4720 What makes a good interface? Don't say anything but SIS. What

735 views • 27 slides
A Framework for Remote Usability Evaluation on Mobile Devices Bachelorarbeit in Informatik

A Framework for Remote Usability Evaluation on Mobile Devices Bachelorarbeit in Informatik

Technische Universitt Mnchen A Framework for Remote Usability Evaluation on Mobile Devices Bachelorarbeit in Informatik Daniel Bader Technische Universitt Mnchen Introduction Usability - An indicator for the ease of use and

785 views • 56 slides
SunyoungKim,PhD Last class Normans design principles Recap. Usability Usability is a

SunyoungKim,PhD Last class Normans design principles Recap. Usability Usability is a

Human-Computer Interaction 18. Design Mobile Design Principles SunyoungKim,PhD Last class Normans design principles Recap. Usability Usability is a measure of the effectiveness, efficiency and satisfaction with which specified

921 views • 75 slides
EVALUATING THE USABILITY OF A MOBILE APPLICATION FOR SELF-MANAGEMENT OF UNHEALTHY ALCOHOL USE

EVALUATING THE USABILITY OF A MOBILE APPLICATION FOR SELF-MANAGEMENT OF UNHEALTHY ALCOHOL USE

EVALUATING THE USABILITY OF A MOBILE APPLICATION FOR SELF-MANAGEMENT OF UNHEALTHY ALCOHOL USE Eric Hawkins, PhD, Anissa Danner, MSW, Aline Lott, MA, Carol Malte, MSW, Patrick Dulin, PhD, John Fortney, PhD, George Sayre, PsyD, John Baer, PhD

442 views • 19 slides
Measuring Usability of the Mobile Learning App for the Children Zahid Hussain Quaid-e-Awam

Measuring Usability of the Mobile Learning App for the Children Zahid Hussain Quaid-e-Awam

Measuring Usability of the Mobile Learning App for the Children Zahid Hussain Quaid-e-Awam University, Nawabshah, Pakistan Contents 1. Introduction 2. Related Work 3. Learn English-Sindhi App 4. Methodology 5. Results 6. Conclusions

511 views • 27 slides
Do gma 1 Deliverables from usability professionals must be highly usable Reports,

Do gma 1 Deliverables from usability professionals must be highly usable Reports,

Myths about usability testing Copies of Slides U X Day Graz 2013 F ive use rs will find 85% o f the usability pro ble ms Rolf Molich - and o the r myths abo ut DialogDesign usability te sting Do gma 1 Deliverables from

659 views • 18 slides
Development and Usability of a Samoan Vocabulary Mobile App Raisa Ongosia University of Hawaii

Development and Usability of a Samoan Vocabulary Mobile App Raisa Ongosia University of Hawaii

Development and Usability of a Samoan Vocabulary Mobile App Raisa Ongosia University of Hawaii at Manoa rongosia@hawaii.edu About Me ! Masters Student Learning Design and Technology ! Community Desk Coordinator ! Samoan Background !

736 views • 42 slides
GESTURE-BASED USER AUTHENTICATION FOR MOBILE DEVICES Dennis Guse Quality and Usability Labs, TU

GESTURE-BASED USER AUTHENTICATION FOR MOBILE DEVICES Dennis Guse Quality and Usability Labs, TU

GESTURE-BASED USER AUTHENTICATION FOR MOBILE DEVICES Dennis Guse Quality and Usability Labs, TU Berlin 1 AUTHENTICATION ON MOBILE DEVICES Mobile Devices Interaction style Limitations 2 GESTURE-BASED USER AUTHENTICATION Personalized

239 views • 13 slides
Rigorous Evaluation Usability Testing To Review - What is Usability? A measure of the quality

Rigorous Evaluation Usability Testing To Review - What is Usability? A measure of the quality

Rigorous Evaluation Usability Testing To Review - What is Usability? A measure of the quality of the users experience when interacting with a product or system How usable is the interface? Usability Measures Ease of learning

912 views • 24 slides
Home is Where Your Phone is: Usability Evaluation of Mobile Phone UI for a Smart Home Tiiu

Home is Where Your Phone is: Usability Evaluation of Mobile Phone UI for a Smart Home Tiiu

Home is Where Your Phone is: Usability Evaluation of Mobile Phone UI for a Smart Home Tiiu Koskela, Kaisa Vnnen-Vainio-Mattila &amp; Lauri Lehti Tampere University of Technology Tiiu.Koort@nokia.com Kaisa.Vaananen-Vainio-Mattila@tut.fi

312 views • 5 slides
RHyTHM: A Randomized Hybrid Scheme To Hide in the Mobile Crowd Mohammad Khodaei, Andreas Messing,

RHyTHM: A Randomized Hybrid Scheme To Hide in the Mobile Crowd Mohammad Khodaei, Andreas Messing,

RHyTHM: A Randomized Hybrid Scheme To Hide in the Mobile Crowd Mohammad Khodaei, Andreas Messing, and Panos Papadimitratos Networked Systems Security Group (NSS) www.ee.kth.se/nss Royal Institute of Technology (KTH) Stockholm, Sweden Nov. 28,

361 views • 15 slides
USABILITY INTRODUCTION USABILITY AND USER INTERFACE DESIGN TO BE PREPARED FOR THIS CLASS YOU

USABILITY INTRODUCTION USABILITY AND USER INTERFACE DESIGN TO BE PREPARED FOR THIS CLASS YOU

USABILITY INTRODUCTION USABILITY AND USER INTERFACE DESIGN TO BE PREPARED FOR THIS CLASS YOU WILL HAVE WORKED THROUGH THE LYNDA.COM UX-1 SECTION. FOR THIS CLASS USABILITY WHAT is Usability? WHY is Usability important? USER

611 views • 21 slides
Web Design and Usability CSE 190 M (Web Programming) Spring 2007 University of Washington

Web Design and Usability CSE 190 M (Web Programming) Spring 2007 University of Washington

CSE 190 M: Web Design and Usability Page 1 Web Design and Usability CSE 190 M (Web Programming) Spring 2007 University of Washington References: J. Nielsen's Designing Web Usability (2) What is usability? usability: the effectiveness with

187 views • 6 slides
Usability and Eye Tracking Marco Pretorius Usability Manager &amp; Researcher UNISA: School of

Usability and Eye Tracking Marco Pretorius Usability Manager &amp; Researcher UNISA: School of

Usability and Eye Tracking Marco Pretorius Usability Manager &amp; Researcher UNISA: School of Computing Agenda Introduction What is usability? User-centered design Eye tracking Benefits and ROI UNISA usability

931 views • 60 slides
CAVE2 Unity Tutorial CAVE2 unity tutorial on github Omicron Cave example unity scene Cave2

CAVE2 Unity Tutorial CAVE2 unity tutorial on github Omicron Cave example unity scene Cave2

CAVE2 Unity Tutorial CAVE2 unity tutorial on github Omicron Cave example unity scene Cave2 manager CAVE2 interaction CS 491 / DES 400 Creative Coding Computer Science CAVE2 Unity Tutorial

440 views • 21 slides
Science Science The Problem Evidence Evidence

Science Science The Problem Evidence Evidence

Science Science The Problem Evidence Evidence Evidence Evidence About The Problem The Problem The Problem Application Application

383 views • 27 slides
2008 Annual General Meeting Sydney, 25 November 2008 Annual General Meeting Graham Kraehe AO

2008 Annual General Meeting Sydney, 25 November 2008 Annual General Meeting Graham Kraehe AO

2008 Annual General Meeting Sydney, 25 November 2008 Annual General Meeting Graham Kraehe AO Chairman 2008 Annual General Meeting Sydney, 25 November Brambles (BXB) vs ASX200 26 Nov 07 to 21 Nov 08 120.00 BXB ASX200 100.00 80.00

1.19k views • 78 slides
Skin and soft tissue infections Sarah Doernberg, MD, MAS Associate Professor Medical Director of

Skin and soft tissue infections Sarah Doernberg, MD, MAS Associate Professor Medical Director of

Skin and soft tissue infections Sarah Doernberg, MD, MAS Associate Professor Medical Director of Antimicrobial Stewardship Disclosures Consultant: Genentech, Basilea Pharmaceutica Outline Cellulitis Necrotizing infections

1.09k views • 61 slides
One of three programming paradigms We can identify three paradigms: functional programming,

One of three programming paradigms We can identify three paradigms: functional programming,

Object-Oriented Analysis and Design One of three programming paradigms We can identify three paradigms: functional programming, imperative programming and object oriented approach. Object orientation is comparatively young compared to the other

157 views • 5 slides
Sit in groups of exactly 4 Early feedback ck #1 Number yourselves: 1-4 No screens Say your

Sit in groups of exactly 4 Early feedback ck #1 Number yourselves: 1-4 No screens Say your

Sit in groups of exactly 4 Early feedback ck #1 Number yourselves: 1-4 No screens Say your name Prof. Lydia Chilton COMS 4170 11 April 2018 1 Today 10 minutes: Review Critique 40 minutes: Groups of 4 (ten minutes each)

495 views • 36 slides
and more Yang Wu Nara Institute of Science and Technology

and more Yang Wu Nara Institute of Science and Technology

Understanding humans : identity, communication, state, and more Yang Wu Nara Institute of Science and Technology 1 NAIST International Collaborative Laboratory for Robotics Vision For

1.72k views • 116 slides
Haptic Rendering of Textures Katherine J. Kuchenbecker and Heather Culbertson Mechanical

Haptic Rendering of Textures Katherine J. Kuchenbecker and Heather Culbertson Mechanical

Haptic Rendering of Textures Katherine J. Kuchenbecker and Heather Culbertson Mechanical Engineering and Applied Mechanics Haptics Group, GRASP Lab 2014 IEEE Haptics Symposium Sunday Afternoon Tutorial Katherine J. Kuchenbecker, Ph.D. Heather

1.93k views • 147 slides

More recommend