Visible to the public Biblio

Found 165 results

Filters: Keyword is human factor  [Clear All Filters]
2019-11-26
Tian, Ke, Jan, Steve T. K., Hu, Hang, Yao, Danfeng, Wang, Gang.  2018.  Needle in a Haystack: Tracking Down Elite Phishing Domains in the Wild. Proceedings of the Internet Measurement Conference 2018. :429-442.

Today's phishing websites are constantly evolving to deceive users and evade the detection. In this paper, we perform a measurement study on squatting phishing domains where the websites impersonate trusted entities not only at the page content level but also at the web domain level. To search for squatting phishing pages, we scanned five types of squatting domains over 224 million DNS records and identified 657K domains that are likely impersonating 702 popular brands. Then we build a novel machine learning classifier to detect phishing pages from both the web and mobile pages under the squatting domains. A key novelty is that our classifier is built on a careful measurement of evasive behaviors of phishing pages in practice. We introduce new features from visual analysis and optical character recognition (OCR) to overcome the heavy content obfuscation from attackers. In total, we discovered and verified 1,175 squatting phishing pages. We show that these phishing pages are used for various targeted scams, and are highly effective to evade detection. More than 90% of them successfully evaded popular blacklists for at least a month.

Cuzzocrea, Alfredo, Martinelli, Fabio, Mercaldo, Francesco.  2018.  Applying Machine Learning Techniques to Detect and Analyze Web Phishing Attacks. Proceedings of the 20th International Conference on Information Integration and Web-Based Applications & Services. :355-359.

Phishing is a technique aimed to imitate an official websites of any company such as banks, institutes, etc. The purpose of phishing is to theft private and sensitive credentials of users such as password, username or PIN. Phishing detection is a technique to deal with this kind of malicious activity. In this paper we propose a method able to discriminate between web pages aimed to perform phishing attacks and legitimate ones. We exploit state of the art machine learning algorithms in order to build models using indicators that are able to detect phishing activities.

Vrban\v ci\v c, Grega, Fister, Jr., Iztok, Podgorelec, Vili.  2018.  Swarm Intelligence Approaches for Parameter Setting of Deep Learning Neural Network: Case Study on Phishing Websites Classification. Proceedings of the 8th International Conference on Web Intelligence, Mining and Semantics. :9:1-9:8.

In last decades, the web and online services have revolutionized the modern world. However, by increasing our dependence on online services, as a result, online security threats are also increasing rapidly. One of the most common online security threats is a so-called Phishing attack, the purpose of which is to mimic a legitimate website such as online banking, e-commerce or social networking website in order to obtain sensitive data such as user-names, passwords, financial and health-related information from potential victims. The problem of detecting phishing websites has been addressed many times using various methodologies from conventional classifiers to more complex hybrid methods. Recent advancements in deep learning approaches suggested that the classification of phishing websites using deep learning neural networks should outperform the traditional machine learning algorithms. However, the results of utilizing deep neural networks heavily depend on the setting of different learning parameters. In this paper, we propose a swarm intelligence based approach to parameter setting of deep learning neural network. By applying the proposed approach to the classification of phishing websites, we were able to improve their detection when compared to existing algorithms.

Hassanpour, Reza, Dogdu, Erdogan, Choupani, Roya, Goker, Onur, Nazli, Nazli.  2018.  Phishing E-Mail Detection by Using Deep Learning Algorithms. Proceedings of the ACMSE 2018 Conference. :45:1-45:1.

Phishing e-mails are considered as spam e-mails, which aim to collect sensitive personal information about the users via network. Since the main purpose of this behavior is mostly to harm users financially, it is vital to detect these phishing or spam e-mails immediately to prevent unauthorized access to users' vital information. To detect phishing e-mails, using a quicker and robust classification method is important. Considering the billions of e-mails on the Internet, this classification process is supposed to be done in a limited time to analyze the results. In this work, we present some of the early results on the classification of spam email using deep learning and machine methods. We utilize word2vec to represent emails instead of using the popular keyword or other rule-based methods. Vector representations are then fed into a neural network to create a learning model. We have tested our method on an open dataset and found over 96% accuracy levels with the deep learning classification methods in comparison to the standard machine learning algorithms.

Shirazi, Hossein, Bezawada, Bruhadeshwar, Ray, Indrakshi.  2018.  "Kn0W Thy Doma1N Name": Unbiased Phishing Detection Using Domain Name Based Features. Proceedings of the 23Nd ACM on Symposium on Access Control Models and Technologies. :69-75.

Phishing websites remain a persistent security threat. Thus far, machine learning approaches appear to have the best potential as defenses. But, there are two main concerns with existing machine learning approaches for phishing detection. The first is the large number of training features used and the lack of validating arguments for these feature choices. The second concern is the type of datasets used in the literature that are inadvertently biased with respect to the features based on the website URL or content. To address these concerns, we put forward the intuition that the domain name of phishing websites is the tell-tale sign of phishing and holds the key to successful phishing detection. Accordingly, we design features that model the relationships, visual as well as statistical, of the domain name to the key elements of a phishing website, which are used to snare the end-users. The main value of our feature design is that, to bypass detection, an attacker will find it very difficult to tamper with the visual content of the phishing website without arousing the suspicion of the end user. Our feature set ensures that there is minimal or no bias with respect to a dataset. Our learning model trains with only seven features and achieves a true positive rate of 98% and a classification accuracy of 97%, on sample dataset. Compared to the state-of-the-art work, our per data instance classification is 4 times faster for legitimate websites and 10 times faster for phishing websites. Importantly, we demonstrate the shortcomings of using features based on URLs as they are likely to be biased towards specific datasets. We show the robustness of our learning algorithm by testing on unknown live phishing URLs and achieve a high detection accuracy of \$99.7%\$.

Scheitle, Quirin, Gasser, Oliver, Nolte, Theodor, Amann, Johanna, Brent, Lexi, Carle, Georg, Holz, Ralph, Schmidt, Thomas C., Wählisch, Matthias.  2018.  The Rise of Certificate Transparency and Its Implications on the Internet Ecosystem. Proceedings of the Internet Measurement Conference 2018. :343-349.

In this paper, we analyze the evolution of Certificate Transparency (CT) over time and explore the implications of exposing certificate DNS names from the perspective of security and privacy. We find that certificates in CT logs have seen exponential growth. Website support for CT has also constantly increased, with now 33% of established connections supporting CT. With the increasing deployment of CT, there are also concerns of information leakage due to all certificates being visible in CT logs. To understand this threat, we introduce a CT honeypot and show that data from CT logs is being used to identify targets for scanning campaigns only minutes after certificate issuance. We present and evaluate a methodology to learn and validate new subdomains from the vast number of domains extracted from CT logged certificates.

Lyashenko, Vyacheslav, Kobylin, Oleg, Minenko, Mykyta.  2018.  Tools for Investigating the Phishing Attacks Dynamics. 2018 International Scientific-Practical Conference Problems of Infocommunications. Science and Technology (PIC S T). :43-46.

We are exploring new ways to analyze phishing attacks. To do this, we investigate the change in the dynamics of the power of phishing attacks. We also analyze the effectiveness of detection of phishing attacks. We are considering the possibility of using new tools for analyzing phishing attacks. As such tools, the methods of chaos theory and the ideology of wavelet coherence are used. The use of such analysis tools makes it possible to investigate the peculiarities of the phishing attacks occurrence, as well as methods for their identification effectiveness. This allows you to expand the scope of the analysis of phishing attacks. For analysis, we use real data about phishing attacks.

Baykara, Muhammet, Gürel, Zahit Ziya.  2018.  Detection of Phishing Attacks. 2018 6th International Symposium on Digital Forensic and Security (ISDFS). :1-5.

Phishing is a form of cybercrime where an attacker imitates a real person / institution by promoting them as an official person or entity through e-mail or other communication mediums. In this type of cyber attack, the attacker sends malicious links or attachments through phishing e-mails that can perform various functions, including capturing the login credentials or account information of the victim. These e-mails harm victims because of money loss and identity theft. In this study, a software called "Anti Phishing Simulator'' was developed, giving information about the detection problem of phishing and how to detect phishing emails. With this software, phishing and spam mails are detected by examining mail contents. Classification of spam words added to the database by Bayesian algorithm is provided.

Zabihimayvan, Mahdieh, Doran, Derek.  2019.  Fuzzy Rough Set Feature Selection to Enhance Phishing Attack Detection. 2019 IEEE International Conference on Fuzzy Systems (FUZZ-IEEE). :1-6.

Phishing as one of the most well-known cybercrime activities is a deception of online users to steal their personal or confidential information by impersonating a legitimate website. Several machine learning-based strategies have been proposed to detect phishing websites. These techniques are dependent on the features extracted from the website samples. However, few studies have actually considered efficient feature selection for detecting phishing attacks. In this work, we investigate an agreement on the definitive features which should be used in phishing detection. We apply Fuzzy Rough Set (FRS) theory as a tool to select most effective features from three benchmarked data sets. The selected features are fed into three often used classifiers for phishing detection. To evaluate the FRS feature selection in developing a generalizable phishing detection, the classifiers are trained by a separate out-of-sample data set of 14,000 website samples. The maximum F-measure gained by FRS feature selection is 95% using Random Forest classification. Also, there are 9 universal features selected by FRS over all the three data sets. The F-measure value using this universal feature set is approximately 93% which is a comparable result in contrast to the FRS performance. Since the universal feature set contains no features from third-part services, this finding implies that with no inquiry from external sources, we can gain a faster phishing detection which is also robust toward zero-day attacks.

Patil, Srushti, Dhage, Sudhir.  2019.  A Methodical Overview on Phishing Detection along with an Organized Way to Construct an Anti-Phishing Framework. 2019 5th International Conference on Advanced Computing Communication Systems (ICACCS). :588-593.

Phishing is a security attack to acquire personal information like passwords, credit card details or other account details of a user by means of websites or emails. Phishing websites look similar to the legitimate ones which make it difficult for a layman to differentiate between them. As per the reports of Anti Phishing Working Group (APWG) published in December 2018, phishing against banking services and payment processor was high. Almost all the phishy URLs use HTTPS and use redirects to avoid getting detected. This paper presents a focused literature survey of methods available to detect phishing websites. A comparative study of the in-use anti-phishing tools was accomplished and their limitations were acknowledged. We analyzed the URL-based features used in the past to improve their definitions as per the current scenario which is our major contribution. Also, a step wise procedure of designing an anti-phishing model is discussed to construct an efficient framework which adds to our contribution. Observations made out of this study are stated along with recommendations on existing systems.

Samaila, Musa G., Sequeiros, João B. F., Freire, Mário M., Inácio, Pedro R. M..  2018.  Security Threats and Possible Countermeasures in IoT Applications Covering Different Industry Domains. Proceedings of the 13th International Conference on Availability, Reliability and Security. :16:1-16:9.

The world is witnessing the emerging role of Internet of Things (IoT) as a technology that is transforming different industries, global community and its economy. Currently a plethora of interconnected smart devices have been deployed for diverse pervasive applications and services, and billions more are expected to be connected to the Internet in the near future. The potential benefits of IoT include improved quality of life, convenience, enhanced energy efficiency, and more productivity. Alongside these potential benefits, however, come increased security risks and potential for abuse. Arguably, this is partly because many IoT start-ups and electronics hobbyists lack security expertise, and some established companies do not make security a priority in their designs, and hence they produce IoT devices that are often ill-equipped in terms of security. In this paper, we discuss different IoT application areas, and identify security threats in IoT architecture. We consider security requirements and present typical security threats for each of the application domains. Finally, we present several possible security countermeasures, and introduce the IoT Hardware Platform Security Advisor (IoT-HarPSecA) framework, which is still under development. IoT-HarPSecA is aimed at facilitating the design and prototyping of secure IoT devices.

Chollet, Stéphanie, Pion, Laurent, Barbot, Nicolas, Michel, Clément.  2018.  Secure IoT for a Pervasive Platform. 2018 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops). :113-118.

Nowadays, the proliferation of smart, communication-enable devices is opening up many new opportunities of pervasive applications. A major requirement of pervasive applications is to be secured. The complexity to secure pervasive systems is to address a end-to-end security level: from the device to the services according to the entire life cycle of devices, applications and platform. In this article, we propose a solution combining both hardware and software elements to secure communications between devices and pervasive platform based on certificates issued from a Public Key Infrastructure. Our solution is implemented and validated with a real device extended by a secure element and our own Public Key Infrastructure.

Pradhan, Srikanta, Tripathy, Somanath, Nandi, Sukumar.  2018.  Blockchain Based Security Framework for P2P Filesharing System. 2018 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS). :1-6.

Peer to Peer (P2P) is a dynamic and self-organized technology, popularly used in File sharing applications to achieve better performance and avoids single point of failure. The popularity of this network has attracted many attackers framing different attacks including Sybil attack, Routing Table Insertion attack (RTI) and Free Riding. Many mitigation methods are also proposed to defend or reduce the impact of such attacks. However, most of those approaches are protocol specific. In this work, we propose a Blockchain based security framework for P2P network to address such security issues. which can be tailored to any P2P file-sharing system.

Tapsell, James, Naeem Akram, Raja, Markantonakis, Konstantinos.  2018.  An Evaluation of the Security of the Bitcoin Peer-To-Peer Network. 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData). :1057-1062.

Underpinning the operation of Bitcoin is a peer-to-peer (P2P) network [1] that facilitates the execution of transactions by end users, as well as the transaction confirmation process known as bitcoin mining. The security of this P2P network is vital for the currency to function and subversion of the underlying network can lead to attacks on bitcoin users including theft of bitcoins, manipulation of the mining process and denial of service (DoS). As part of this paper the network protocol and bitcoin core software are analysed, with three bitcoin message exchanges (the connection handshake, GETHEADERS/HEADERS and MEMPOOL/INV) found to be potentially vulnerable to spoofing and use in distributed denial of service (DDoS) attacks. Possible solutions to the identified weaknesses and vulnerabilities are evaluated, such as the introduction of random nonces into network messages exchanges.

Wang, Pengfei, Wang, Fengyu, Lin, Fengbo, Cao, Zhenzhong.  2018.  Identifying Peer-to-Peer Botnets Through Periodicity Behavior Analysis. 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :283-288.

Peer-to-Peer botnets have become one of the significant threat against network security due to their distributed properties. The decentralized nature makes their detection challenging. It is important to take measures to detect bots as soon as possible to minimize their harm. In this paper, we propose PeerGrep, a novel system capable of identifying P2P bots. PeerGrep starts from identifying hosts that are likely engaged in P2P communications, and then distinguishes P2P bots from P2P hosts by analyzing their active ratio, packet size and the periodicity of connection to destination IP addresses. The evaluation shows that PeerGrep can identify all P2P bots with quite low FPR even if the malicious P2P application and benign P2P application coexist within the same host or there is only one bot in the monitored network.

Acharjamayum, Irani, Patgiri, Ripon, Devi, Dhruwajita.  2018.  Blockchain: A Tale of Peer to Peer Security. 2018 IEEE Symposium Series on Computational Intelligence (SSCI). :609-617.

The underlying or core technology of Bitcoin cryptocurrency has become a blessing for human being in this era. Everything is gradually changing to digitization in this today's epoch. Bitcoin creates virtual money using Blockchain that's become popular over the world. Blockchain is a shared public ledger, and it includes all transactions which are confirmed. It is almost impossible to crack the hidden information in the blocks of the Blockchain. However, there are certain security and technical challenges like scalability, privacy leakage, selfish mining, etc. which hampers the wide application of Blockchain. In this paper, we briefly discuss this emerging technology namely Blockchain. In addition, we extrapolate in-depth insight on Blockchain technology.

Rguibi, Mohamed Amine, Moussa, Najem.  2018.  Simulating Worm Propagation in Interconnected Peer-to-Peer Networks. 2018 International Conference on Advanced Communication Technologies and Networking (CommNet). :1-7.

Peer-to-peer computing (P2P) refers to the famous technology that provides peers an equal spontaneous collaboration in the network by using appropriate information and communication systems without the need for a central server coordination. Today, the interconnection of several P2P networks has become a genuine solution for increasing system reliability, fault tolerance and resource availability. However, the existence of security threats in such networks, allows us to investigate the safety of users from P2P threats by studying the effects of competition between these interconnected networks. In this paper, we present an e-epidemic model to characterize the worm propagation in an interconnected peer-to-peer network. Here, we address this issue by introducing a model of network competition where an unprotected network is willing to partially weaken its own safety in order to more severely damage a more protected network. The unprotected network can infect all peers in the competitive networks after their non react against the passive worm propagation. Our model also evaluated the effect of an immunization strategies adopted by the protected network to resist against attacking networks. The launch time of immunization strategies in the protected network, the number of peers synapse connected to the both networks, and other effective parameters have also been investigated in this paper.

Tenorio-Fornés, Antonio, Hassan, Samer, Pavón, Juan.  2018.  Open Peer-to-Peer Systems over Blockchain and IPFS: An Agent Oriented Framework. Proceedings of the 1st Workshop on Cryptocurrencies and Blockchains for Distributed Systems. :19-24.

In recent years, the increasing concerns around the centralized cloud web services (e.g. privacy, governance, surveillance, security) have triggered the emergence of new distributed technologies, such as IPFS or the Blockchain. These innovations have tackled technical challenges that were unresolved until their appearance. Existing models of peer-to-peer systems need a revision to cover the spectrum of potential systems that can be now implemented as peer-to-peer systems. This work presents a framework to build these systems. It uses an agent-oriented approach in an open environment where agents have only partial information of the system data. The proposal covers data access, data discovery and data trust in peer-to-peer systems where different actors may interact. Moreover, the framework proposes a distributed architecture for these open systems, and provides guidelines to decide in which cases Blockchain technology may be required, or when other technologies may be sufficient.

Kim, Seoung Kyun, Ma, Zane, Murali, Siddharth, Mason, Joshua, Miller, Andrew, Bailey, Michael.  2018.  Measuring Ethereum Network Peers. Proceedings of the Internet Measurement Conference 2018. :91-104.

Ethereum, the second-largest cryptocurrency valued at a peak of \$138 billion in 2018, is a decentralized, Turing-complete computing platform. Although the stability and security of Ethereum—and blockchain systems in general—have been widely-studied, most analysis has focused on application level features of these systems such as cryptographic mining challenges, smart contract semantics, or block mining operators. Little attention has been paid to the underlying peer-to-peer (P2P) networks that are responsible for information propagation and that enable blockchain consensus. In this work, we develop NodeFinder to measure this previously opaque network at scale and illuminate the properties of its nodes. We analyze the Ethereum network from two vantage points: a three-month long view of nodes on the P2P network, and a single day snapshot of the Ethereum Mainnet peers. We uncover a noisy DEVp2p ecosystem in which fewer than half of all nodes contribute to the Ethereum Mainnet. Through a comparison with other previously studied P2P networks including BitTorrent, Gnutella, and Bitcoin, we find that Ethereum differs in both network size and geographical distribution.

Schmidt, Mark, Pfeiffer, Tom, Grill, Christin, Huber, Robert, Jirauschek, Christian.  2019.  Coexistence of Intensity Pattern Types in Broadband Fourier Domain Mode Locked (FDML) Lasers. 2019 Conference on Lasers and Electro-Optics Europe European Quantum Electronics Conference (CLEO/Europe-EQEC). :1-1.

Fourier domain mode locked (FDML) lasers, in which the sweep period of the swept bandpass filter is synchronized with the roundtrip time of the optical field, are broadband and rapidly tunable fiber ring laser systems, which offer rich dynamics. A detailed understanding is important from a fundamental point of view, and also required in order to improve current FDML lasers which have not reached their coherence limit yet. Here, we study the formation of localized patterns in the intensity trace of FDML laser systems based on a master equation approach [1] derived from the nonlinear Schrödinger equation for polarization maintaining setups, which shows excellent agreement with experimental data. A variety of localized patterns and chaotic or bistable operation modes were previously discovered in [2–4] by investigating primarily quasi-static regimes within a narrow sweep bandwidth where a delay differential equation model was used. In particular, the formation of so-called holes which are characterized by a dip in the intensity trace and a rapid phase jump are described. Such holes have tentatively been associated with Nozaki-Bekki holes which are solutions to the complex Ginzburg-Landau equation. In Fig. 1 (b) to (d) small sections of a numerical solution of our master equation are presented for a partially dispersion compensated polarization maintaining FDML laser setup. Within our approach, we are able to study the full sweep dynamics over a broad sweep range of more than 100 nm. This allows us to identify different co-existing intensity patterns within a single sweep. In general, high frequency distortions in the intensity trace of FDML lasers [5] are mainly caused by synchronization mismatches caused by the fiber dispersion or a detuning of the roundtrip time of the optical field to the sweep period of the swept bandpass filter. This timing errors lead to rich and complex dynamics over many roundtrips and are a major source of noise, greatly affecting imaging and sensing applications. For example, the imaging quality in optical coherence tomography where FDML lasers are superior sources is significantly reduced [5].

Khan, JavedAkhtar.  2019.  2019 3rd International Conference on Computing Methodologies and Communication (ICCMC). 2019 3rd International Conference on Computing Methodologies and Communication (ICCMC). :619-623.

This paper proposes the implementation of progressive authentication service in smart android mobile phone. In this digital era, massive amount of work can be done in the digital form using the smart devices like smart phone , laptop, Tablets, etc. The number of smartphone users approx. reach to 299.24 million, as per the recent survey report [1] in 2019 this count will reach 2.7 billion and after 3 years, this count will increase up to 442.5 million. This article includes a cluster based progressive smart lock with a dependent combination that is short and more secure in nature. Android provides smart lock facilities with the combination of 9 dot, 6dot, 5dot, 4dot and 1-9 number. By using this mobile phone user will be able to generate pattern lock or number password for authentication. This is a single authentication system, this research paper includes a more secured multiple cluster based pattern match system.

Stein, Michael, Frömmgen, Alexander, Kluge, Roland, Wang, Lin, Wilberg, Augustin, Koldehofe, Boris, Mühlhäuser, Max.  2018.  Scaling Topology Pattern Matching: A Distributed Approach. Proceedings of the 33rd Annual ACM Symposium on Applied Computing. :996-1005.

Graph pattern matching in network topologies is a building block of many distributed algorithms. Based on a limited local view of the topology, pattern-based algorithms substantiate the decision-making of each device on the occurrence of graph patterns in its surrounding topology. Existing pattern-based algorithms require that each device has a sufficiently large local view to match patterns without support of other devices. In practical environments, the local view is often restricted to one hop. Thus, algorithms matching non-trivial patterns are locked out from such environments today. This paper presents the first algorithm for distributed topology pattern matching, enabling pattern matching beyond the local view. Outgoing from initiating devices, our pattern matcher delegates the matching procedure to further devices in the network. Exploring major contextual parameters of our algorithm, we show that the optimal local view size depends on scenario-specific conditions. Our pattern matcher provides the flexibility for adaptations of the local view size at runtime. Making use of this flexibility, we optimize the execution of an established pattern-based algorithm and evaluate our pattern matcher in two topology control case studies for the Internet of Things. By scaling the view size of each device in a distributed way, our adaptive approach achieves significant communication cost savings in face of dynamic conditions.

Chen, Qiu-Liang, Bai, Jia-Ju, Jiang, Zu-Ming, Lawall, Julia, Hu, Shi-Min.  2019.  Detecting Data Races Caused by Inconsistent Lock Protection in Device Drivers. 2019 IEEE 26th International Conference on Software Analysis, Evolution and Reengineering (SANER). :366-376.

Data races are often hard to detect in device drivers, due to the non-determinism of concurrent execution. According to our study of Linux driver patches that fix data races, more than 38% of patches involve a pattern that we call inconsistent lock protection. Specifically, if a variable is accessed within two concurrently executed functions, the sets of locks held around each access are disjoint, at least one of the locksets is non-empty, and at least one of the involved accesses is a write, then a data race may occur.In this paper, we present a runtime analysis approach, named DILP, to detect data races caused by inconsistent lock protection in device drivers. By monitoring driver execution, DILP collects the information about runtime variable accesses and executed functions. Then after driver execution, DILP analyzes the collected information to detect and report data races caused by inconsistent lock protection. We evaluate DILP on 12 device drivers in Linux 4.16.9, and find 25 real data races.

Ku, Yeeun, Park, Leo Hyun, Shin, Sooyeon, Kwon, Taekyoung.  2018.  A Guided Approach to Behavioral Authentication. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. :2237-2239.

User's behavioral biometrics are promising as authentication factors in particular if accuracy is sufficiently guaranteed. They can be used to augment security in combination with other authentication factors. A gesture-based pattern lock system is a good example of such multi-factor authentication, using touch dynamics in a smartphone. However, touch dynamics can be significantly affected by a shape of gestures with regard to the performance and accuracy, and our concern is that user-chosen patterns are likely far from producing such a good shape of gestures. In this poster, we raise this problem and show our experimental study conducted in this regard. We investigate if there is a reproducible correlation between shape and accuracy and if we can derive effective attribute values for user guidance, based on the gesture-based pattern lock system. In more general, we discuss a guided approach to behavioral authentication.

Zhou, Man, Wang, Qian, Yang, Jingxiao, Li, Qi, Xiao, Feng, Wang, Zhibo, Chen, Xiaofeng.  2018.  PatternListener: Cracking Android Pattern Lock Using Acoustic Signals. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. :1775-1787.

Pattern lock has been widely used for authentication to protect user privacy on mobile devices (e.g., smartphones and tablets). Several attacks have been constructed to crack the lock. However, these approaches require the attackers to be either physically close to the target device or able to manipulate the network facilities (e.g., wifi hotspots) used by the victims. Therefore, the effectiveness of the attacks is highly sensitive to the setting of the environment where the users use the mobile devices. Also, these attacks are not scalable since they cannot easily infer patterns of a large number of users. Motivated by an observation that fingertip motions on the screen of a mobile device can be captured by analyzing surrounding acoustic signals on it, we propose PatternListener, a novel acoustic attack that cracks pattern lock by leveraging and analyzing imperceptible acoustic signals reflected by the fingertip. It leverages speakers and microphones of the victim's device to play imperceptible audio and record the acoustic signals reflected from the fingertip. In particular, it infers each unlock pattern by analyzing individual lines that are the trajectories of the fingertip and composed of the pattern. We propose several algorithms to construct signal segments for each line and infer possible candidates of each individual line according to the signal segments. Finally, we produce a tree to map all line candidates into grid patterns and thereby obtain the candidates of the entire unlock pattern. We implement a PatternListener prototype by using off-the-shelf smartphones and thoroughly evaluate it using 130 unique patterns. The real experimental results demonstrate that PatternListener can successfully exploit over 90% patterns in five attempts.