
Abstract
PINs and patterns remain among the most widely used knowledge-based authentication schemes. As thermal cameras become ubiquitous and affordable, we foresee a new form of threat to user privacy on mobile devices. Thermal cameras allow performing thermal attacks, where heat traces, resulting from authentication, can be used to reconstruct passwords. In this work we investigate in details the viability of exploiting thermal imaging to infer PINs and patterns on mobile devices. We present a study (N=18) where we evaluated how properties of PINs and patterns influence their thermal attacks resistance. We found that thermal attacks are indeed viable on mobile devices; overlapping patterns significantly decrease successful thermal attack rate from 100% to 16.67%, while PINs remain vulnerable (>72% success rate) even with duplicate digits. We conclude by recommendations for users and designers of authentication schemes on how to resist thermal attacks.
Item Type: | Conference or Workshop Item (Speech) |
---|---|
EU Funded Grant Agreement Number: | 683008 |
EU Projects: | Horizon 2020 > ERC Grants > ERC Consolidator Grant > ERC Grant 683008: AMPLIFY - Amplifying Human Perception Through Interactive Digital Technologies |
Form of publication: | Submitted Version |
Keywords: | mobile authentication, thermal imaging, touchscreens |
Faculties: | Mathematics, Computer Science and Statistics > Computer Science |
Subjects: | 000 Computer science, information and general works > 004 Data processing computer science |
URN: | urn:nbn:de:bvb:19-epub-68285-3 |
Place of Publication: | New York, NY, USA |
Language: | English |
Item ID: | 68285 |
Date Deposited: | 24. Jul 2019, 05:49 |
Last Modified: | 13. Aug 2024, 12:58 |