ScreenPass: Secure Password Entry on Touchscreen Devices Dongtao - - PowerPoint PPT Presentation


SLIDE 1

ScreenPass: Secure Password Entry on Touchscreen Devices

Dongtao Liu Duke University May 2012

Joint work with: Ryan Scudellari, Eduardo Cuervo, and Landon P. Cox

SLIDE 2

Passwords in smartphones

SLIDE 3

imo.com, mint.com, Real Sync, FriendCaster

Buggy? Malicious?

SLIDE 4

Taint tracking

  • TaintDroid [OSDI '10]
    – Taint-tracking extension for Android
    – Monitor propagation of tagged data
  • Apply taint tracking to passwords?
    – Properly tagged passwords
    – Release policy for passwords

SLIDE 5

Challenges to tag passwords

  • Data tracked in TaintDroid prototype
    – API calls with well-defined semantics
  • Password input
    – Through character-stream interfaces
    – A mix of sensitive & non-sensitive data
  • How to tag passwords?
    – Secure attestation sequence (SAS): ‘@@’
    – Require TCB to handle all text inputs

SLIDE 6

Challenges to tag passwords

  • Software keyboard spoofing
    – Touchscreen devices
  • Reserve area for trusted signal
    – Screen real-estate is precious
    – Signals are easy to ignore

SLIDE 7

ScreenPass

  • To enforce all text input handled by TCB
    – Apply OCR analysis to detect spoofed keyboard
    – Restrict WHAT apps can write instead of WHERE
  • To properly tag passwords
    – Special secure input method
    – Associate secure domain with password

SLIDE 8

Diagram: components are the untrusted app with its text-input widget, the Input Method Framework (system service), the ScreenPass system service, the ScreenPass IME (software keyboard plus secure domain bar), the Android Window Manager, and the Frame Checker. Labelled steps:
  (1) Get IME
  (2) Start IME
  (3) Set check=‘false’ / Get check
  (4) Display Keyboard
  (5) Display Domain Bar
  (6) ‘facebook.com’
  (7) taint=‘facebook’
  (8) <x, y>
  (9) <x, y> → ‘a’
  (10) ‘a’ tagged with ‘facebook.com’
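As an added illustration (not code from the ScreenPass project), this Python model follows the tagging flow on this slide and the release policy named on slide 4: characters entered through the secure IME carry the domain shown in the domain bar, and each sink reports the three violation classes used later in the app study (outside the domain, plaintext over network, plaintext to file). The sink rules and the suffix match on the host name are assumptions.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

@dataclass(frozen=True)
class TaintedChar:
    ch: str
    domain: Optional[str]  # secure domain the character was typed for; None = untainted

class TaintedText:
    """String with per-character taint: a password typed through the secure IME
    keeps its domain tag through concatenation (cf. TaintDroid-style tracking)."""
    def __init__(self, chars=()):
        self.chars = tuple(chars)

    @staticmethod
    def plain(s):
        return TaintedText(TaintedChar(c, None) for c in s)

    def __add__(self, other):
        return TaintedText(self.chars + other.chars)

    def text(self):
        return "".join(c.ch for c in self.chars)

    def taints(self):
        return {c.domain for c in self.chars if c.domain is not None}

def secure_ime_input(password, domain):
    # Step (10) on the slide: each character entered through the ScreenPass IME
    # is tagged with the domain shown in the secure domain bar.
    return TaintedText(TaintedChar(c, domain) for c in password)

def network_sink(data, url):
    """Release check at a network sink (assumed policy, not the paper's exact rule):
    tainted characters may only go to their own domain, and only over TLS."""
    u = urlparse(url)
    host = u.hostname or ""
    problems = []
    for d in sorted(data.taints()):
        if host != d and not host.endswith("." + d):
            problems.append(f"outside the domain: {d} -> {host}")
        if u.scheme != "https":
            problems.append(f"plaintext over network: {d}")
    return problems

def file_sink(data, path):
    """Any tainted character written to local storage is reported."""
    return [f"plaintext to file: {d} -> {path}" for d in sorted(data.taints())]
```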

SLIDE 9

ScreenPass IME UI

SLIDE 10

Detecting spoofed keyboards

  • FrameChecker
    – A separate thread within SurfaceFlinger
    – Check frame buffer to recognize keyboard
  • Optimizations
    – Omit: pwd mode/no change/no touch
    – Spatial: check bottom 320x480 screen
    – Temporal: sleep for random intervals
    – Code: NEON 128-bit SIMD instructions

SLIDE 11

Detecting spoofed keyboards

  • Apply OCR to recognize keyboard
    – Characters should be clear
    – Sequence should be fixed
  • Tesseract OCR
    – Open source OCR project
    – Port to Android platform

SLIDE 12

Detecting spoofed keyboards

Figure: FrameChecker pipeline. Stage 1: Frame Squash (RGBA frame buffer in); Stage 2: Frame Analysis (OCR Engine); Stage 3: Sleep.

SLIDE 13

Evaluation

  • Is monitoring passwords useful?
    – Android app study
  • What attacks can ScreenPass detect?
    – Attack tests
  • How fast can ScreenPass check frames?
    – Analyzing performance
  • How often should ScreenPass check?
    – Frame rate drop & energy overhead

SLIDE 14

Evaluation: App study

  • Study 30 apps from:
    – App pool of popular apps from all categories
    – Top apps from search by keywords
      “password”, “dating”, and “online game”

SLIDE 15

Evaluation: App study

Application (Type); the original table also records, per app, whether the password went outside the domain, in plaintext over the network, or in plaintext to a file (the check marks are not preserved in the extracted text)

  • Pageonce (Finance)
  • MessengerWithYou (Communication)
  • Meebo IM (Communication)
  • Picassatools (Social)
  • Skout (Social)
  • Match.com ("Dating")
  • Myyearbook.com ("Dating")
  • Chess.com ("Online Game")

SLIDE 16

Evaluation: Attacks

  • Static Attacks
  • Dynamic Attacks
    – Alternating blocks of 1x1, 2x2, 4x4, and 8x8 pixels

SLIDE 17

Evaluation: Analysis time

Chart: average time to analyze one frame, run time in ms, for General, App Drawer, Video, Labyrinth, and Winds of Steel.

SLIDE 18

Evaluation: Frame rate

Chart: average frame rate observed, in frames/sec, for App drawer, Video, Pinball, Labyrinth, and Winds of Steel; series: stock, 0 ms, 500 ms, 1000 ms.

SLIDE 19

Evaluation: Energy

Chart: energy consumed over one minute, in joules, for General, App Drawer, Video, Pinball, Labyrinth, and Winds of Steel; series: stock, 0 ms, 500 ms, 1000 ms.

SLIDE 20

Related Work

  • Taint tracking
    – TaintDroid [OSDI '10]
    – DTA++ [NDSS '11]
  • Phishing & UI spoofing
    – Egelman, S. et al. [CHI '08]
    – Schechter, S. E. et al. [SP '07]
    – Wu, M. et al. [CHI '06]

SLIDE 21

Conclusion

  • Minimize hardware assumptions
    – Apply OCR/CV to solve UI spoofing
  • Maximize display utilization
    – Restrict what apps can write
  • Minimize user burden
    – Do not rely on user efforts to detect attacks
  • ScreenPass is practical
    – Useful/Robust to attacks/Fast
    – Acceptable overhead