Teclanômade: Uma solução de autenticação para usuários de dispositivos inteligentes baseada em Teclados Nômades
Abstract
Smart devices are becoming increasingly more relevant. This growing importance calls for tools able to provide effective authentication systems between users and their respective devices. In this paper, we claim that state-ofthe-art approaches are either vulnerable to known attacks or do not fully meet usability needs. To address this problem, we came up with Teclanômade, an User-to-Device authentication scheme based on itinerant keyboards. Compared to current proposals, Teclanômade improves usability by keeping the traditional relative position of keys. Privacy provision, by its turn, stems from our keyboard's nomadic nature. Specifically, privacy is preserved by making the keyboard move to a different spot on the screen each time it is activated. Our results indicate the overhead incurred by using Teclanômade is on average 0,5 seconds.References
Alexandrescu, A. (2001). Modern C++ Design: Generic Programming and Design Patterns Applied. Addison-Wesley Longman Publishing Co., Inc., Boston, MA, USA.
Andriotis, P., Tryfonas, T., and Yu, Z. (2014). Breaking the android pattern lock screen with neural networks and smudge attacks.
Arif, A. S. and Mazalek, A. (2013). A tap and gesture hybrid method for authenticating smartphone users. In International Conference on Human-Computer Interaction with Mobile Devices and Services (MobileHCI’13).
Ashton, K. (2009). That ‘internet of things’ thing. RFiD Journal.
Atzori, L., Iera, A., and Morabito, G. (2010). The internet of things: A survey. Computer networks.
Aviv, A. J., Gibson, K., Mossop, E., Blaze, M., and Smith, J. M. (2010). Smudge attacks on smartphone touch screens. In 4th USENIX Conference on Offensive Technologies (WOOT’10), pages 1–7.
Gamma, E., Helm, R., Johnson, R., and Vlissides, J. (1995). Design Patterns: Elements of Reusable Object-oriented Software. Addison-Wesley Longman Publishing Co., Inc., Boston, MA, USA.
Jakobsson, M., Shi, E., Golle, P., and Chow, R. (2009). Implicit authentication for mobile devices. In Proceedings of the 4th USENIX Conference on Hot Topics in Security, pages 9–9, Berkeley, CA, USA. USENIX Association.
Maggi, F., Volpatto, A., Gasparini, S., Boracchi, G., and Zanero, S. (2011). Poster: fast, automatic iphone shoulder surfing. In Conference on Computer and Communications Security (CCS’11).
Mazurek, M., Komanduri, S., Vidas, T., Bauer, L., Christin, N., Cranor, L., Kelley, P., Shay, R., and Ur, B. (2013). Measuring password guessability for an entire university. In Conference on Computer and Communications Security (CCS’13).
O’Gorman, L. (2003). Comparing passwords, tokens, and biometrics for user authentication. 91(12):2019–2040.
Raguram, R., White, A. M., Goswami, D., Monrose, F., and Frahm, J.-M. (2011). iSpy: Automatic reconstruction of typed input from compromising reflections. In Conference on Computer and Communications Security (CCS’11), pages 527–536.
Smith, R. E. (2001). Authentication: from passwords to public keys. Addison-Wesley Longman Publishing Co., Inc.
Todorov, D. (2007). Mechanics of user identification and authentication: Fundamentals of identity management. CRC Press.
Wangham, M. S., Domenech, M. C., and de Mello, E. R. (2013). Infraestrutura de autenticação e de autorização para internet das coisas. In Minicursos, volume 1 of 13th Brazilian Symposium on Information and Computer System Security (SBSeg’13). SBC.
Wiedenbeck, S., Waters, J., Sobrado, L., and Birget, J.-C. (2006). Design and evaluation of a shoulder-surfing resistant graphical password scheme. In International Working Conference on Advanced Visual Interfaces (AVI’06).
Yue, Q., Ling, Z., Liu, B., Fu, X., and Zhao, W. (2014). Blind recognition of touched keys on mobile devices. In Conference on Computer and Communications Security (CCS’14).
Zhang, Y., Xia, P., Luo, J., Ling, Z., Liu, B., and Fu, X. (2012). Fingerprint attack against touch-enabled devices. In 2nd ACM Workshop on Security and Privacy in Smartphones and Mobile Devices.
Andriotis, P., Tryfonas, T., and Yu, Z. (2014). Breaking the android pattern lock screen with neural networks and smudge attacks.
Arif, A. S. and Mazalek, A. (2013). A tap and gesture hybrid method for authenticating smartphone users. In International Conference on Human-Computer Interaction with Mobile Devices and Services (MobileHCI’13).
Ashton, K. (2009). That ‘internet of things’ thing. RFiD Journal.
Atzori, L., Iera, A., and Morabito, G. (2010). The internet of things: A survey. Computer networks.
Aviv, A. J., Gibson, K., Mossop, E., Blaze, M., and Smith, J. M. (2010). Smudge attacks on smartphone touch screens. In 4th USENIX Conference on Offensive Technologies (WOOT’10), pages 1–7.
Gamma, E., Helm, R., Johnson, R., and Vlissides, J. (1995). Design Patterns: Elements of Reusable Object-oriented Software. Addison-Wesley Longman Publishing Co., Inc., Boston, MA, USA.
Jakobsson, M., Shi, E., Golle, P., and Chow, R. (2009). Implicit authentication for mobile devices. In Proceedings of the 4th USENIX Conference on Hot Topics in Security, pages 9–9, Berkeley, CA, USA. USENIX Association.
Maggi, F., Volpatto, A., Gasparini, S., Boracchi, G., and Zanero, S. (2011). Poster: fast, automatic iphone shoulder surfing. In Conference on Computer and Communications Security (CCS’11).
Mazurek, M., Komanduri, S., Vidas, T., Bauer, L., Christin, N., Cranor, L., Kelley, P., Shay, R., and Ur, B. (2013). Measuring password guessability for an entire university. In Conference on Computer and Communications Security (CCS’13).
O’Gorman, L. (2003). Comparing passwords, tokens, and biometrics for user authentication. 91(12):2019–2040.
Raguram, R., White, A. M., Goswami, D., Monrose, F., and Frahm, J.-M. (2011). iSpy: Automatic reconstruction of typed input from compromising reflections. In Conference on Computer and Communications Security (CCS’11), pages 527–536.
Smith, R. E. (2001). Authentication: from passwords to public keys. Addison-Wesley Longman Publishing Co., Inc.
Todorov, D. (2007). Mechanics of user identification and authentication: Fundamentals of identity management. CRC Press.
Wangham, M. S., Domenech, M. C., and de Mello, E. R. (2013). Infraestrutura de autenticação e de autorização para internet das coisas. In Minicursos, volume 1 of 13th Brazilian Symposium on Information and Computer System Security (SBSeg’13). SBC.
Wiedenbeck, S., Waters, J., Sobrado, L., and Birget, J.-C. (2006). Design and evaluation of a shoulder-surfing resistant graphical password scheme. In International Working Conference on Advanced Visual Interfaces (AVI’06).
Yue, Q., Ling, Z., Liu, B., Fu, X., and Zhao, W. (2014). Blind recognition of touched keys on mobile devices. In Conference on Computer and Communications Security (CCS’14).
Zhang, Y., Xia, P., Luo, J., Ling, Z., Liu, B., and Fu, X. (2012). Fingerprint attack against touch-enabled devices. In 2nd ACM Workshop on Security and Privacy in Smartphones and Mobile Devices.
Published
2015-11-09
How to Cite
NETO, Antonio L. Maia; FERNANDES, Artur Luis; MARTINS, Frederico; MELO, Leandro T. C.; COTTA, Leonardo; SAGGIORO, Luiz Felipe Z.; LOUREIRO, Antonio A. F.; OLIVEIRA, Leonardo B..
Teclanômade: Uma solução de autenticação para usuários de dispositivos inteligentes baseada em Teclados Nômades. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 15. , 2015, Florianópolis.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2015
.
p. 128-141.
DOI: https://doi.org/10.5753/sbseg.2015.20090.
