Visible to the public Biblio

Filters: Keyword is smartphone  [Clear All Filters]
2021-03-18
Khan, A., Chefranov, A. G..  2020.  A Captcha-Based Graphical Password With Strong Password Space and Usability Study. 2020 International Conference on Electrical, Communication, and Computer Engineering (ICECCE). :1—6.

Security for authentication is required to give a superlative secure users' personal information. This paper presents a model of the Graphical password scheme under the impact of security and ease of use for user authentication. We integrate the concept of recognition with re-called and cued-recall based schemes to offer superior security compared to existing schemes. Click Symbols (CS) Alphabet combine into one entity: Alphanumeric (A) and Visual (V) symbols (CS-AV) is Captcha-based password scheme, we integrate it with recall-based n ×n grid points, where a user can draw the shape or pattern by the intersection of the grid points as a way to enter a graphical password. Next scheme, the combination of CS-AV with grid cells allows very large password space ( 2.4 ×104 bits of entropy) and provides reasonable usability results by determining an empirical study of memorable password space. Proposed schemes support most applicable platform for input devices and promising strong resistance to shoulder surfing attacks on a mobile device which can be occurred during unlocking (pattern) the smartphone.

2021-01-28
Siddiquie, K., Shafqat, N., Masood, A., Abbas, H., Shahid, W. b.  2020.  Profiling Vulnerabilities Threatening Dual Persona in Android Framework. 2019 International Conference on Advances in the Emerging Computing Technologies (AECT). :1—6.

Enterprises round the globe have been searching for a way to securely empower AndroidTM devices for work but have spurned away from the Android platform due to ongoing fragmentation and security concerns. Discrepant vulnerabilities have been reported in Android smartphones since Android Lollipop release. Smartphones can be easily hacked by installing a malicious application, visiting an infectious browser, receiving a crafted MMS, interplaying with plug-ins, certificate forging, checksum collisions, inter-process communication (IPC) abuse and much more. To highlight this issue a manual analysis of Android vulnerabilities is performed, by using data available in National Vulnerability Database NVD and Android Vulnerability website. This paper includes the vulnerabilities that risked the dual persona support in Android 5 and above, till Dec 2017. In our security threat analysis, we have identified a comprehensive list of Android vulnerabilities, vulnerable Android versions, manufacturers, and information regarding complete and partial patches released. So far, there is no published research work that systematically presents all the vulnerabilities and vulnerability assessment for dual persona feature of Android's smartphone. The data provided in this paper will open ways to future research and present a better Android security model for dual persona.

2020-08-10
Wu, Sha, Liu, Jiajia.  2019.  Overprivileged Permission Detection for Android Applications. ICC 2019 - 2019 IEEE International Conference on Communications (ICC). :1–6.
Android applications (Apps) have penetrated almost every aspect of our lives, bring users great convenience as well as security concerns. Even though Android system adopts permission mechanism to restrict Apps from accessing important resources of a smartphone, such as telephony, camera and GPS location, users face still significant risk of privacy leakage due to the overprivileged permissions. The overprivileged permission means the extra permission declared by the App but has nothing to do with its function. Unfortunately, there doesn't exist any tool for ordinary users to detect the overprivileged permission of an App, hence most users grant any permission declared by the App, intensifying the risk of private information leakage. Although some previous studies tried to solve the problem of permission overprivilege, their methods are not applicable nowadays because of the progress of App protection technology and the update of Android system. Towards this end, we develop a user-friendly tool based on frequent item set mining for the detection of overprivileged permissions of Android Apps, which is named Droidtector. Droidtector can operate in online or offline mode and users can choose any mode according to their situation. Finally, we run Droidtector on 1000 Apps crawled from Google Play and find that 479 of them are overprivileged, accounting for about 48% of all the sample Apps.
2020-08-03
Dai, Haipeng, Liu, Alex X., Li, Zeshui, Wang, Wei, Zhang, Fengmin, Dong, Chao.  2019.  Recognizing Driver Talking Direction in Running Vehicles with a Smartphone. 2019 IEEE 16th International Conference on Mobile Ad Hoc and Sensor Systems (MASS). :10–18.
This paper addresses the fundamental problem of identifying driver talking directions using a single smartphone, which can help drivers by warning distraction of having conversations with passengers in a vehicle and enable safety enhancement. The basic idea of our system is to perform talking status and direction identification using two microphones on a smartphone. We first use the sound recorded by the two microphones to identify whether the driver is talking or not. If yes, we then extract the so-called channel fingerprint from the speech signal and classify it into one of three typical driver talking directions, namely, front, right and back, using a trained model obtained in advance. The key novelty of our scheme is the proposition of channel fingerprint which leverages the heavy multipath effects in the harsh in-vehicle environment and cancels the variability of human voice, both of which combine to invalidate traditional TDoA, DoA and fingerprint based sound source localization approaches. We conducted extensive experiments using two kinds of phones and two vehicles for four phone placements in three representative scenarios, and collected 23 hours voice data from 20 participants. The results show that our system can achieve 95.0% classification accuracy on average.
2020-06-03
Cedillo, Priscila, Camacho, Jessica, Campos, Karina, Bermeo, Alexandra.  2019.  A Forensics Activity Logger to Extract User Activity from Mobile Devices. 2019 Sixth International Conference on eDemocracy eGovernment (ICEDEG). :286—290.

Nowadays, mobile devices have become one of the most popular instruments used by a person on its regular life, mainly due to the importance of their applications. In that context, mobile devices store user's personal information and even more data, becoming a personal tracker for daily activities that provides important information about the user. Derived from this gathering of information, many tools are available to use on mobile devices, with the restrain that each tool only provides isolated information about a specific application or activity. Therefore, the present work proposes a tool that allows investigators to obtain a complete report and timeline of the activities that were performed on the device. This report incorporates the information provided by many sources into a unique set of data. Also, by means of an example, it is presented the operation of the solution, which shows the feasibility in the use of this tool and shows the way in which investigators have to apply the tool.

2020-06-01
Pomak, Wiphop, Limpiyakom, Yachai.  2018.  Enterprise WiFi Hotspot Authentication with Hybrid Encryption on NFC- Enabled Smartphones. 2018 8th International Conference on Electronics Information and Emergency Communication (ICEIEC). :247–250.
Nowadays, some workplaces have adopted the policy of BYOD (bring your own device) that permits employees to bring personally owned devices, and to use those devices to access company information and applications. Especially, small devices like smartphones are widely used due to the greater mobility and connectivity. A majority of organizations provide the wireless local area network which is necessary for small devices and business data transmission. The resources access through Wi-Fi network of the organization needs intense restriction. WPA2 Enterprise with 802.1X standard is typically introduced to handle user authentication on the network using the EAP framework. However, credentials management for all users is a hassle for administrators. Strong authentication provides higher security whereas the difficulty of deployment is still open issues. This research proposes the utility of Near Field Communication to securely transmit certificate data that rely on the hybrid cryptosystem. The approach supports enterprise Wi-Fi hotspot authentication based on WPA2-802.1X model with the EAP-TLS method. It also applies multi-factor authentication for enhancing the security of networks and users. The security analysis and experiment on establishing connection time were conducted to evaluate the presented approach.
Utomo, Subroto Budhi, Hendradjaya, Bayu.  2018.  Multifactor Authentication on Mobile Secure Attendance System. 2018 International Conference on ICT for Smart Society (ICISS). :1–5.
BYOD (Bring Your Own Device) trends allows employees to use the smartphone as a tool in everyday work and also as an attendance device. The security of employee attendance system is important to ensure that employees do not commit fraud in recording attendance and when monitoring activities at working hours. In this paper, we propose a combination of fingerprint, secure android ID, and GPS as authentication factors, also addition of anti emulator and anti fake location module turn Mobile Attendance System into Mobile Secure Attendance System. Testing based on scenarios that have been adapted to various possible frauds is done to prove whether the system can minimize the occurrence of fraud in attendance recording and monitoring of employee activities.
2020-03-23
Rustgi, Pulkit, Fung, Carol.  2019.  Demo: DroidNet - An Android Permission Control Recommendation System Based on Crowdsourcing. 2019 IFIP/IEEE Symposium on Integrated Network and Service Management (IM). :737–738.
Mobile and web application security, particularly the areas of data privacy, has raised much concerns from the public in recent years. Most applications, or apps for short, are installed without disclosing full information to users and clearly stating what the application has access to, which often raises concern when users become aware of unnecessary information being collected. Unfortunately, most users have little to no technical expertise in regards to what permissions should be turned on and can only rely on their intuition and past experiences to make relatively uninformed decisions. To solve this problem, we developed DroidNet, which is a crowd-sourced Android recommendation tool and framework. DroidNet alleviates privacy concerns and presents users with high confidence permission control recommendations based on the decision from expert users who are using the same apps. This paper explains the general framework, principles, and model behind DroidNet while also providing an experimental setup design which shows the effectiveness and necessity for such a tool.
2019-11-26
Ku, Yeeun, Park, Leo Hyun, Shin, Sooyeon, Kwon, Taekyoung.  2018.  A Guided Approach to Behavioral Authentication. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. :2237-2239.

User's behavioral biometrics are promising as authentication factors in particular if accuracy is sufficiently guaranteed. They can be used to augment security in combination with other authentication factors. A gesture-based pattern lock system is a good example of such multi-factor authentication, using touch dynamics in a smartphone. However, touch dynamics can be significantly affected by a shape of gestures with regard to the performance and accuracy, and our concern is that user-chosen patterns are likely far from producing such a good shape of gestures. In this poster, we raise this problem and show our experimental study conducted in this regard. We investigate if there is a reproducible correlation between shape and accuracy and if we can derive effective attribute values for user guidance, based on the gesture-based pattern lock system. In more general, we discuss a guided approach to behavioral authentication.

2019-04-01
Celosia, Guillaume, Cunche, Mathieu.  2018.  Detecting Smartphone State Changes Through a Bluetooth Based Timing Attack. Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks. :154–159.
Bluetooth is a popular wireless communication technology that is available on most mobile devices. Although Bluetooth includes security and privacy preserving mechanisms, we show that a Bluetooth harmless inherent request-response mechanism can taint users privacy. More specifically, we introduce a timing attack that can be triggered by a remote attacker in order to infer information about a Bluetooth device state. By observing the L2CAP layer ping mechanism timing variations, it is possible to detect device state changes, for instance when the device goes in or out of the locked state. Our experimental results show that change point detection analysis of the timing allows to detect device state changes with a high accuracy. Finally, we discuss applications and countermeasures.
2019-01-16
Shrestha, P., Shrestha, B., Saxena, N..  2018.  Home Alone: The Insider Threat of Unattended Wearables and A Defense using Audio Proximity. 2018 IEEE Conference on Communications and Network Security (CNS). :1–9.

In this paper, we highlight and study the threat arising from the unattended wearable devices pre-paired with a smartphone over a wireless communication medium. Most users may not lock their wearables due to their small form factor, and may strip themselves off of these devices often, leaving or forgetting them unattended while away from homes (or shared office spaces). An “insider” attacker (potentially a disgruntled friend, roommate, colleague, or even a spouse) can therefore get hold of the wearable, take it near the user's phone (i.e., within radio communication range) at another location (e.g., user's office), and surreptitiously use it across physical barriers for various nefarious purposes, including pulling and learning sensitive information from the phone (such as messages, photos or emails), and pushing sensitive commands to the phone (such as making phone calls, sending text messages and taking pictures). The attacker can then safely restore the wearable, wait for it to be left unattended again and may repeat the process for maximum impact, while the victim remains completely oblivious to the ongoing attack activity. This malicious behavior is in sharp contrast to the threat of stolen wearables where the victim would unpair the wearable as soon as the theft is detected. Considering the severity of this threat, we also respond by building a defense based on audio proximity, which limits the wearable to interface with the phone only when it can pick up on an active audio challenge produced by the phone.

2018-11-19
Ali, S., Khan, M. A., Ahmad, J., Malik, A. W., ur Rehman, A..  2018.  Detection and Prevention of Black Hole Attacks in IOT Amp;Amp; WSN. 2018 Third International Conference on Fog and Mobile Edge Computing (FMEC). :217–226.

Wireless Sensor Network is the combination of small devices called sensor nodes, gateways and software. These nodes use wireless medium for transmission and are capable to sense and transmit the data to other nodes. Generally, WSN composed of two types of nodes i.e. generic nodes and gateway nodes. Generic nodes having the ability to sense while gateway nodes are used to route that information. IoT now extended to IoET (internet of Everything) to cover all electronics exist around, like a body sensor networks, VANET's, smart grid stations, smartphone, PDA's, autonomous cars, refrigerators and smart toasters that can communicate and share information using existing network technologies. The sensor nodes in WSN have very limited transmission range as well as limited processing speed, storage capacities and low battery power. Despite a wide range of applications using WSN, its resource constrained nature given birth to a number severe security attacks e.g. Selective Forwarding attack, Jamming-attack, Sinkhole attack, Wormhole attack, Sybil attack, hello Flood attacks, Grey Hole, and the most dangerous BlackHole Attacks. Attackers can easily exploit these vulnerabilities to compromise the WSN network.

2018-08-23
Prakash, Y. W., Biradar, V., Vincent, S., Martin, M., Jadhav, A..  2017.  Smart bluetooth low energy security system. 2017 International Conference on Wireless Communications, Signal Processing and Networking (WiSPNET). :2141–2146.

The need for security in today's world has become a mandatory issue to look after. With the increase in a number of thefts, it has become a necessity to implement a smart security system. Due to the high cost of the existing smart security systems which use conventional Bluetooth and other wireless technologies and their relatively high energy consumption, implementing a security system with low energy consumption at a low cost has become the need of the hour. The objective of the paper is to build a cost effective and low energy consumption security system using the Bluetooth Low Energy (BLE) technology. This system will help the user to monitor and manage the security of the house even when the user is outside the house with the help of webpage. This paper presents the design and implementation of a security system using PSoC 4 BLE which can automatically lock and unlock the door when the user in the vicinity and leaving the vicinity of the door respectively by establishing a wireless connection between the physical lock and the smartphone. The system also captures an image of a person arriving at the house and transmits it wirelessly to a webpage. The system also notifies the user of any intrusion by sending a message and the image of the intruder to the webpage. The user can also access the door remotely on the go from the website.

2018-06-07
Balaji, V., Kuppusamy, K. S..  2017.  Towards accessible mobile pattern authentication for persons with visual impairments. 2017 International Conference on Computational Intelligence in Data Science(ICCIDS). :1–5.

Security in smartphones has become one of the major concerns, with prolific growth in its usage scenario. Many applications are available for Android users to protect their applications and data. But all these security applications are not easily accessible for persons with disabilities. For persons with color blindness, authentication mechanisms pose user interface related issues. Color blind users find the inaccessible and complex design in the interface difficult to access and interpret mobile locks. This paper focuses on a novel method for providing color and touch sensitivity based dot pattern lock. This Model automatically replaces the existing display style of a pattern lock with a new user preferred color combination. In addition Pressure Gradient Input (PGI) has been incorporated to enhance authentication strength. The feedback collected from users shows that this accessible security application is easy to use without any major access barrier.

2018-04-02
Langone, M., Setola, R., Lopez, J..  2017.  Cybersecurity of Wearable Devices: An Experimental Analysis and a Vulnerability Assessment Method. 2017 IEEE 41st Annual Computer Software and Applications Conference (COMPSAC). 2:304–309.

The widespread diffusion of the Internet of Things (IoT) is introducing a huge number of Internet-connected devices in our daily life. Mainly, wearable devices are going to have a large impact on our lifestyle, especially in a healthcare scenario. In this framework, it is fundamental to secure exchanged information between these devices. Among other factors, it is important to take into account the link between a wearable device and a smart unit (e.g., smartphone). This connection is generally obtained via specific wireless protocols such as Bluetooth Low Energy (BLE): the main topic of this work is to analyse the security of this communication link. In this paper we expose, via an experimental campaign, a methodology to perform a vulnerability assessment (VA) on wearable devices communicating with a smartphone. In this way, we identify several security issues in a set of commercial wearable devices.

Yusof, M., Saudi, M. M., Ridzuan, F..  2017.  A New Mobile Botnet Classification Based on Permission and API Calls. 2017 Seventh International Conference on Emerging Security Technologies (EST). :122–127.

Currently, mobile botnet attacks have shifted from computers to smartphones due to its functionality, ease to exploit, and based on financial intention. Mostly, it attacks Android due to its popularity and high usage among end users. Every day, more and more malicious mobile applications (apps) with the botnet capability have been developed to exploit end users' smartphones. Therefore, this paper presents a new mobile botnet classification based on permission and Application Programming Interface (API) calls in the smartphone. This classification is developed using static analysis in a controlled lab environment and the Drebin dataset is used as the training dataset. 800 apps from the Google Play Store have been chosen randomly to test the proposed classification. As a result, 16 permissions and 31 API calls that are most related with mobile botnet have been extracted using feature selection and later classified and tested using machine learning algorithms. The experimental result shows that the Random Forest Algorithm has achieved the highest detection accuracy of 99.4% with the lowest false positive rate of 16.1% as compared to other machine learning algorithms. This new classification can be used as the input for mobile botnet detection for future work, especially for financial matters.

2018-03-19
Mart\'ın-Ramos, Pablo, Susano, Maria, da Silva, Pedro S. Pereira, Silva, Manuela Ramos.  2017.  BYOD for Physics Lab: Studying Newton's Law of Cooling with a Smartphone. Proceedings of the 5th International Conference on Technological Ecosystems for Enhancing Multiculturality. :63:1–63:5.

In this paper we discuss a simple and inexpensive method to introduce students to Newton's law of cooling using only their smartphones, according to the Bring-Your-Own-Device philosophy. A popular experiment in basic thermodynamics, both at a high-school and at University level, is the determination of the specific heat of solids and liquids using a water calorimeter, resourcing in many cases to a mercury thermometer. With our approach the analogical instrument is quickly turned into a digital device by analyzing the movement of the mercury with a video tracker. Thus, using very simple labware and the students' smartphones or tablets, it is possible to observe the decay behavior of the temperature of a liquid left to cool at room temperature. The dependence of the time constant with the mass and surface of the liquid can be easily probed, and the results of the different groups in the classroom can be brought together to observe the linear dependence1.

2018-02-28
Wilson, Rodney, Chi, Hongmei.  2017.  A Case Study for Mobile Device Forensics Tools. Proceedings of the SouthEast Conference. :154–157.
Smartphones have become a prominent part of our technology driven world. When it comes to uncovering, analyzing and submitting evidence in today's criminal investigations, mobile phones play a more critical role. Thus, there is a strong need for software tools that can help investigators in the digital forensics field effectively analyze smart phone data to solve crimes. This paper will accentuate how digital forensic tools assist investigators in getting data acquisition, particularly messages, from applications on iOS smartphones. In addition, we will lay out the framework how to build a tool for verifying data integrity for any digital forensics tool.
2018-01-23
Ulz, T., Pieber, T., Steger, C., Lesjak, C., Bock, H., Matischek, R..  2017.  SECURECONFIG: NFC and QR-code based hybrid approach for smart sensor configuration. 2017 IEEE International Conference on RFID (RFID). :41–46.

In smart factories and smart homes, devices such as smart sensors are connected to the Internet. Independent of the context in which such a smart sensor is deployed, the possibility to change its configuration parameters in a secure way is essential. Existing solutions do provide only minimal security or do not allow to transfer arbitrary configuration data. In this paper, we present an NFC- and QR-code based configuration interface for smart sensors which improves the security and practicability of the configuration altering process while introducing as little overhead as possible. We present a protocol for configuration as well as a hardware extension including a dedicated security controller (SC) for smart sensors. For customers, no additional hardware other than a commercially available smartphone will be necessary which makes the proposed approach highly applicable for smart factory and smart home contexts alike.

Dudheria, R..  2017.  Evaluating Features and Effectiveness of Secure QR Code Scanners. 2017 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC). :40–49.

As QR codes become ubiquitous, there is a prominent security threat of phishing and malware attacks that can be carried out by sharing rogue URLs through such codes. Several QR code scanner apps have become available in the past few years to combat such threats. Nevertheless, limited work exists in the literature evaluating such apps in the context of security. In this paper, we have investigated the status of existing secure QR code scanner apps for Android from a security point of view. We found that several of the so-called secure QR code scanner apps merely present the URL encoded in a QR code to the user rather than validating it against suitable threat databases. Further, many apps do not support basic security features such as displaying the URL to the user and asking for user confirmation before proceeding to open the URL in a browser. The most alarming issue that emerged during this study is that only two of the studied apps perform validation of the redirected URL associated with a QR code. We also tested the relevant apps with a set of benign, phishing and malware URLs collected from multiple sources. Overall, the results of our experiments imply that the protection offered by the examined secure QR code scanner apps against rogue URLs (especially malware URLs) is limited. Based on the findings of our investigation, we have distilled a set of key lessons and proposed design recommendations to enhance the security aspects of such apps.

2018-01-16
Guri, M., Mirsky, Y., Elovici, Y..  2017.  9-1-1 DDoS: Attacks, Analysis and Mitigation. 2017 IEEE European Symposium on Security and Privacy (EuroS P). :218–232.

The 911 emergency service belongs to one of the 16 critical infrastructure sectors in the United States. Distributed denial of service (DDoS) attacks launched from a mobile phone botnet pose a significant threat to the availability of this vital service. In this paper we show how attackers can exploit the cellular network protocols in order to launch an anonymized DDoS attack on 911. The current FCC regulations require that all emergency calls be immediately routed regardless of the caller's identifiers (e.g., IMSI and IMEI). A rootkit placed within the baseband firmware of a mobile phone can mask and randomize all cellular identifiers, causing the device to have no genuine identification within the cellular network. Such anonymized phones can issue repeated emergency calls that cannot be blocked by the network or the emergency call centers, technically or legally. We explore the 911 infrastructure and discuss why it is susceptible to this kind of attack. We then implement different forms of the attack and test our implementation on a small cellular network. Finally, we simulate and analyze anonymous attacks on a model of current 911 infrastructure in order to measure the severity of their impact. We found that with less than 6K bots (or \$100K hardware), attackers can block emergency services in an entire state (e.g., North Carolina) for days. We believe that this paper will assist the respective organizations, lawmakers, and security professionals in understanding the scope of this issue in order to prevent possible 911-DDoS attacks in the future.

2017-12-20
Lee, W. H., Lee, R. B..  2017.  Implicit Smartphone User Authentication with Sensors and Contextual Machine Learning. 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). :297–308.

Authentication of smartphone users is important because a lot of sensitive data is stored in the smartphone and the smartphone is also used to access various cloud data and services. However, smartphones are easily stolen or co-opted by an attacker. Beyond the initial login, it is highly desirable to re-authenticate end-users who are continuing to access security-critical services and data. Hence, this paper proposes a novel authentication system for implicit, continuous authentication of the smartphone user based on behavioral characteristics, by leveraging the sensors already ubiquitously built into smartphones. We propose novel context-based authentication models to differentiate the legitimate smartphone owner versus other users. We systematically show how to achieve high authentication accuracy with different design alternatives in sensor and feature selection, machine learning techniques, context detection and multiple devices. Our system can achieve excellent authentication performance with 98.1% accuracy with negligible system overhead and less than 2.4% battery consumption.

2017-09-19
Song, Chen, Lin, Feng, Ba, Zhongjie, Ren, Kui, Zhou, Chi, Xu, Wenyao.  2016.  My Smartphone Knows What You Print: Exploring Smartphone-based Side-channel Attacks Against 3D Printers. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. :895–907.

Additive manufacturing, also known as 3D printing, has been increasingly applied to fabricate highly intellectual property (IP) sensitive products. However, the related IP protection issues in 3D printers are still largely underexplored. On the other hand, smartphones are equipped with rich onboard sensors and have been applied to pervasive mobile surveillance in many applications. These facts raise one critical question: is it possible that smartphones access the side-channel signals of 3D printer and then hack the IP information? To answer this, we perform an end-to-end study on exploring smartphone-based side-channel attacks against 3D printers. Specifically, we formulate the problem of the IP side-channel attack in 3D printing. Then, we investigate the possible acoustic and magnetic side-channel attacks using the smartphone built-in sensors. Moreover, we explore a magnetic-enhanced side-channel attack model to accurately deduce the vital directional operations of 3D printer. Experimental results show that by exploiting the side-channel signals collected by smartphones, we can successfully reconstruct the physical prints and their G-code with Mean Tendency Error of 5.87% on regular designs and 9.67% on complex designs, respectively. Our study demonstrates this new and practical smartphone-based side channel attack on compromising IP information during 3D printing.

2017-08-02
Harbach, Marian, De Luca, Alexander, Egelman, Serge.  2016.  The Anatomy of Smartphone Unlocking: A Field Study of Android Lock Screens. Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems. :4806–4817.

To prevent unauthorized parties from accessing data stored on their smartphones, users have the option of enabling a "lock screen" that requires a secret code (e.g., PIN, drawing a pattern, or biometric) to gain access to their devices. We present a detailed analysis of the smartphone locking mechanisms currently available to billions of smartphone users worldwide. Through a month-long field study, we logged events from a panel of users with instrumented smartphones (N=134). We are able to show how existing lock screen mechanisms provide users with distinct tradeoffs between usability (unlocking speed vs. unlocking frequency) and security. We find that PIN users take longer to enter their codes, but commit fewer errors than pattern users, who unlock more frequently and are very prone to errors. Overall, PIN and pattern users spent the same amount of time unlocking their devices on average. Additionally, unlock performance seemed unaffected for users enabling the stealth mode for patterns. Based on our results, we identify areas where device locking mechanisms can be improved to result in fewer human errors – increasing usability – while also maintaining security.

2017-05-19
Morley, David C., Lawrence, Grayson, Smith, Scott.  2016.  Virtual Reality User Experience As a Deterrent for Smartphone Use While Driving. Proceedings of the 9th ACM International Conference on PErvasive Technologies Related to Assistive Environments. :67:1–67:3.

This study examines the effectiveness of virtual reality technology at creating an immersive user experience in which participants experience first hand the extreme negative consequences of smartphone use while driving. Research suggests that distracted driving caused by smartphones is related to smartphone addiction and causes fatalities. Twenty-two individuals participated in the virtual reality user experience (VRUE) in which they were asked to drive a virtual car using a Oculus Rift headset, LeapMotion hand tracking device, and a force feedback steering wheel and pedals. While driving in the simulation participants were asked to interact with a smartphone and after a period of time trying to manage both tasks a vehicle appears before them and they are involved in a head-on collision. Initial results indicated a strong sense of presence was felt by participants and a change or re-enforcement of the participant's perception of the dangers of smartphone use while driving was observed.