NomadiKey: User Authentication for Smart Devices based on Nomadic Keys
Abstract
The growing importance of smart devices calls for effective user authentication mechanisms. In this paper, we argue that state-of-the-art authentication mechanisms are either vulnerable to known attacks or do not fully meet usability needs. To address this problem, we design NomadiKey, a user-to-device authentication mechanism based on nomadic keyboard keys. NomadiKey increases the security level by placing keys at different screen coordinates each time it is activated. At the same time, NomadiKey preserves usability by maintaining the traditional relative position of keys. To increase security even further, we also design an extension to NomadiKey, called NomadiKey++, that employs out-of-band channels to protect the user from shoulder-surfing attacks.
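The sketch below is an added illustration of the idea in the abstract, not the authors' code: it draws fresh key coordinates on every activation while keeping each key's left-to-right order within its row and the top-to-bottom order of the rows. The placement strategy, the 3x4 keypad, the screen dimensions and all function names are assumptions made for this example; the paper's own algorithm is not given on this page.

```python
import secrets

KEYPAD = ["123", "456", "789", "*0#"]  # traditional phone keypad (assumed)
_rng = secrets.SystemRandom()  # OS CSPRNG, so layouts are not predictable


def spaced_positions(count, key_size, extent):
    """Return `count` increasing coordinates in [0, extent - key_size],
    each at least `key_size` apart, so keys never overlap."""
    slack = extent - count * key_size
    if slack < 0:
        raise ValueError("screen too small for the keys")
    offsets = sorted(_rng.randint(0, slack) for _ in range(count))
    return [off + i * key_size for i, off in enumerate(offsets)]


def nomadic_layout(width, height, key_size):
    """Map each key label to the (x, y) of its top-left corner."""
    layout = {}
    row_ys = spaced_positions(len(KEYPAD), key_size, height)
    for row, y in zip(KEYPAD, row_ys):
        # Each row draws its own x positions, so columns are not aligned.
        xs = spaced_positions(len(row), key_size, width)
        for label, x in zip(row, xs):
            layout[label] = (x, y)
    return layout


def check_layout(layout, width, height, key_size):
    """True if keys are on-screen, non-overlapping, and keep keypad order."""
    for x, y in layout.values():
        if not (0 <= x <= width - key_size and 0 <= y <= height - key_size):
            return False
    for r, row in enumerate(KEYPAD):
        for a, b in zip(row, row[1:]):  # left-to-right order within a row
            if layout[b][0] - layout[a][0] < key_size:
                return False
        if r + 1 < len(KEYPAD):  # this row sits fully above the next one
            lowest = max(layout[k][1] for k in row)
            next_top = min(layout[k][1] for k in KEYPAD[r + 1])
            if next_top - lowest < key_size:
                return False
    return True


if __name__ == "__main__":
    for label, pos in nomadic_layout(1080, 1920, 160).items():
        print(label, pos)
```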