GazeTouchPIN: Protecting Sensitive Data on Mobile Devices Using Secure Multimodal Authentication

Although mobile devices provide access to a plethora of sensitive data, most users still only protect them with PINs or patterns, which are vulnerable to side-channel attacks (e.g., shoulder surfing). How-ever, prior research has shown that privacy-aware users are willing to take further steps to protect their private data. We propose GazeTouchPIN, a novel secure authentication scheme for mobile devices that combines gaze and touch input. Our multimodal approach complicates shoulder-surfing attacks by requiring attackers to ob-serve the screen as well as the user’s eyes to and the password. We evaluate the security and usability of GazeTouchPIN in two user studies (N=30). We found that while GazeTouchPIN requires longer entry times, privacy aware users would use it on-demand when feeling observed or when accessing sensitive data. The results show that successful shoulder surfing attack rate drops from 68% to 10.4%when using GazeTouchPIN

DETECTING GESTURES UTILIZING MOTION SENSOR DATA AND MACHINE LEARNING

A computing device is described that uses motion data from motion sensors to detect gestures or user inputs, such as out-of-screen user inputs for mobile devices. In other words, the computing device detects gestures or user touch inputs at locations of the device that do not include a touch screen, such as anywhere on the surface of the housing or the case of the device. The techniques described enable a computing device to utilize a standard, existing motion sensor (e.g., an inertial measurement unit (IMU), accelerometer, gyroscope, etc.) to detect the user input and determine attributes of the user input. Motion data generated by the motion sensor (also referred to as a movement sensor) is processed by an artificial neural network to infer attributes of the user input. In other words, the computing device applies a machine-learned model to the motion data (also referred to as sensor data or motion sensor data) to classify or label the various attributes, characteristics, or qualities of the input. In this way, the computing device utilizes machine learning and motion data to classify attributes of the user input or gesture utilizing motion sensors without the need for additional hardware, such as touch-sensitive devices and sensors

28 frames later: predicting screen touches from back-of-device grip changes

We demonstrate that front-of-screen targeting on mobile phones can be predicted from back-of-device grip manipulations. Using simple, low-resolution capacitive touch sensors placed around a standard phone, we outline a machine learning approach to modelling the grip modulation and inferring front-of-screen touch targets. We experimentally demonstrate that grip is a remarkably good predictor of touch, and we can predict touch position 200ms before contact with an accuracy of 18mm

TACTILE TEXTURES FOR BACK OF SCREEN GESTURE DETECTION USING MOTION SENSOR DATA AND MACHINE LEARNING

A computing device is described that uses motion data from motion sensors to detect gestures or user inputs, such as out-of-screen user inputs for mobile devices. In other words, the computing device detects gestures or user touch inputs at locations of the device that do not include a touch screen, such as anywhere on the surface of the housing or the case of the device. A tactile texture is applied to a housing of the computing device or a case that is coupled to the housing. The tactile texture causes the computing device to move in response to a user input applied to the tactile texture, such as when a user’s finger slides over the tactile texture. A motion sensor (e.g., an inertial measurement unit (IMU), accelerometer, gyroscope, etc.) generates motion data in response to detecting the motion of the computing device. The motion data is processed by an artificial neural network to infer attributes of the user input. In other words, the computing device applies a machine-learned model to the motion data (also referred to as sensor data or motion sensor data) to classify or label the various attributes, characteristics, or qualities of the input. In this way, the computing device utilizes machine learning and motion data to classify attributes of the user input or gesture utilizing motion sensors without the need for additional hardware, such as touch-sensitive devices and sensors

Conceivable security risks and authentication techniques for smart devices

With the rapidly escalating use of smart devices and fraudulent transaction of users’ data from their devices, efficient and reliable techniques for authentication of the smart devices have become an obligatory issue. This paper reviews the security risks for mobile devices and studies several authentication techniques available for smart devices. The results from field studies enable a comparative evaluation of user-preferred authentication mechanisms and their opinions about reliability, biometric authentication and visual authentication techniques

Extending the Touchscreen Pattern Lock Mechanism with Duplicated and Temporal Codes

We investigate improvements to authentication on mobile touchscreen phones and present a novel extension to the widely used touchscreen pattern lock mechanism. Our solution allows including nodes in the grid multiple times, which enhances the resilience to smudge and other forms of attack. For example, for a smudge pattern covering 7 nodes, our approach increases the amount of possible lock patterns by a factor of 15 times. Our concept was implemented and evaluated in a laboratory user test (n = 36). The test participants found the usability of the proposed concept to be equal to that of the baseline pattern lock mechanism but considered it more secure. Our solution is fully backwards-compatible with the current baseline pattern lock mechanism, hence enabling easy adoption whilst providing higher security at a comparable level of usability

Why aren't users using protection? Investigating the usability of smartphone locking

One of the main reasons why smartphone users do not adopt screen locking mechanisms is due to the inefficiency of entering a PIN/pattern each time they use their phone. To address this problem we designed a context-sensitive screen locking application which asked participants to enter a PIN/pattern only when necessary, and evaluated its impact on efficiency and satisfaction. Both groups of participants, who prior to the study either locked or did not lock their phone, adopted our application and felt that unlocking their phone only when necessary was more efficient, did not annoy them and offered a reasonable level of security. Participants responded positively to the option of choosing when a PIN/pattern is required in different contexts. Therefore, we recommend that designers of smartphone locking mechanisms should consider ceding a reasonable level of control over security settings to users to increase adoption and convenience, while keeping smartphones reasonably secure

Review of Networking and Tangible Security Techniques for Domestic IoT Devices and Initial Ideas

The number of connected devices including Internet of Things (IoTs) on the Internet is growing fast. According to recent Gartner research, the estimated number of IoT devices is 5.8 billion in 2020 (Gartner, 2019). The countries that are leading the way to IoT deployment include North America, Western Europe and China (Kandaswamy and Furlonger, 2018). By 2024, the number of Machine-2-Machine (M2M) connections between these devices are expected to reach 27 billion in 2024 (Kandaswamy and Furlonger, 2018). This growth in M2M connectivity is expected to result from wide range of application areas such as smart cities, smart infrastructure, smart energy among many others (Hassija et al., 2019).This wide spread of IoTs has sparked significant research interest to understand various implications (Airehrour et al., 2016; Neshenko et al., 2019; Hassija et al., 2019). IoTs enable the integration between many objects in our daily life (Aazam et al., 2016; Alaba et al., 2017) such as sensors, objects, wearable devices and other types of machines. IoT devices are capable of communicating directly with one another and sharing data without direct human intervention (Crabtree et al., 2018). These “things” could be any traditional objects such as home appliance (e.g. microwave, fridge) or tiny sensor (e.g. humidity or health sensors). The devices are capable of constant collections of various sensitive and personal data about many aspect of our lives due to its pervasive deployment (Ren et al., 2019).This paper provides an overview of the literature relating to securing IoT with an emphasis on usability from a user perspective as well as approaches to securing access to these devices over the Internet. Although IoT deployment occurs in various settings, i.e. industrial IoT deployment, we mainly focus in this paper on private residential home deployment (i.e. consumer IoTs). We assume that in such settings, users are mostly not experts in security IoT or the underlying networking principles.This paper is organized as follows: section II discusses various protocols and networking security tools (e.g. firewall and Virtual Private Network (VPN)). Section II-D discusses various approaches to simplify cyber-security by using user-centred approaches. In section III, we present a number of existing including enterprise-grade solutions that could be adopted to secure remote access to IoT devices in domestic settings