GazeRevealer: Inferring Password Using Smartphone Front Camera Yao Wang Wandong Cai Tao Gu Northwestern Polytechnical Northwestern Polytechnical RMIT University University University [email protected] [email protected] [email protected] Wei Shao Ibrahim Khalil Xianghua Xu RMIT University RMIT Uniersity Hangzhou Dianzi University [email protected] [email protected] [email protected] ABSTRACT York, NY, USA. ACM, New York, NY, USA, 10 pages. https://doi.org/10.1145/ The widespread use of smartphones has brought great convenience 3286978.3287026 to our daily lives, while at the same time we have been increas- ingly exposed to security threats. Keystroke security is an essential 1 INTRODUCTION element in user privacy protection. In this paper, we present GazeRe- Mobile payment has become a prevalent mode for online trans- vealer, a novel side-channel based keystroke inference framework action and personal financial management. Various security risks to infer sensitive inputs on smartphone from video recordings of arise in our daily life from the rapid development of mobile and victim’s eye patterns captured from smartphone front camera. We ubiquitous computing applications. Among them, keyboard privacy observe that eye movements typically follow the keystrokes typ- presents the fundamental risk in mobile payment. The mobile pay- ing on the number-only soft keyboard during password input. By ment system typically requires users to complete privacy-sensitive exploiting eye patterns, we are able to infer the passwords being en- input with keyboard on their mobile devices such as bank card num- tered. We propose a novel algorithm to extract sensitive eye pattern ber, security code, and password. As a result, attackers can typically images from video streams, and classify different eye patterns with launch keystroke eavesdropping to reveal personal information Support Vector Classification. We also propose a novel enhanced from mobile users. method to boost the inference accuracy. Compared with prior key- Leveraging side-channel attacks, keystrokes on traditional phys- stroke detection approaches, GazeRevealer does not require any ical keyboards can be inferred through Trojan applications (a.k.a. external auxiliary devices, and it relies only on smartphone front keyloggers). Typical approaches include electromagnetic emana- camera. We evaluate the performance of GazeRevealer with three tion based [3], acoustics signal based [26, 27], and video based [4]. different types of smartphones, and the result shows that GazeRe- However, in mobile scenarios, user interaction with smartphones vealer achieves 77:43% detection accuracy for a single key number has been changed. The popularity of virtual soft keyboard on smart- and 83:33% inference rate for the 6-digit password in the ideal case. phones eliminates the side-channel emanations (i.e., electromag- netic and acoustic signals) from physical keyboard. Therefore, at- CCS CONCEPTS tackers cannot leverage these signals to deduce keystrokes anymore. • Security and privacy → Privacy protections; • Computing Besides, app permission restriction policies in smartphone operat- methodologies → Machine learning approaches; ing systems restrain apps from intercepting keystrokes. As a conse- quence, Trojan apps cannot be directly launched to log keystrokes. KEYWORDS Traditional approaches thereby face increasing challenges with Password Inference, Gaze Estimation, Mobile Security smartphones. Recently, several smartphone keystroke inference attack approaches have been proposed. They essentially resemble ACM Reference Format: the traditional approach, such as adopting WiFi signals [12], and Yao Wang, Wandong Cai, Tao Gu, Wei Shao, Ibrahim Khalil, and Xianghua do require peripheral camera equipment [21]. All of the above ap- Xu. 2018. GazeRevealer: Inferring Password Using Smartphone Front Cam- proaches need an external data receiver which should be placed era. In EAI International Conference on Mobile and Ubiquitous Systems: Com- close enough to the victim. Therefore, attackers start to pay their puting, Networking and Services (MobiQuitous ’18), November 5–7, 2018, New attentions to smartphone embedded sensors. For example, several works [5, 15, 17] show that keystrokes can be inferred in a stealthy Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed manner with only a few benign permissions by using accelerome- for profit or commercial advantage and that copies bear this notice and the full citation ters, gyroscopes, and even audio sensors. on the first page. Copyrights for components of this work owned by others than ACM In our work, we present GazeRevealer, a new avenue for attackers must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a to infer password keystrokes with a number-only soft keyboard on fee. Request permissions from [email protected]. the touch screen of smartphone. GazeRevealer analyzes victim’s MobiQuitous ’18, November 5–7, 2018, New York, NY, USA eye patterns recorded from the front camera during password input. © 2018 Association for Computing Machinery. ACM ISBN 978-1-4503-6093-7/18/11...$15.00 Our motivation derives from the obversation that the password https://doi.org/10.1145/3286978.3287026 input behavior on smartphone always involves eyes and fingers 254 MobiQuitous ’18, November 5–7, 2018, New York, NY, USA Y. Wang et al. coordinated motion, i.e., the finger always taps the key number eye patterns. This technique only requires the smartphone that her/is eyes are staring at. Therefore, eye patterns can reflect front camera permission which is usually deemed as normal the different number keystrokes on the numeric soft keyboard. In and benign. comparison with prior sensor-based attacks, GazeRevealer neither • We propose a keystroke eye image extraction algorithm, requires the victim to distinctly vibrate the phone nor relies on which uses pupil center position as the datum point to crop keypad tones during the input process, leading to a more stealthy fine-grained eye contour images and leverages image simi- and imperceptible solution. larity principle to determine the keystroke eye images from The design of GazeRevealer presents three major challenges. the image stream. 1) Our inference method is mainly based on the analysis of eye • We present an enhanced recognition method to gaze estima- contour images. It hence requires a precise and effective method tion, improving the inference accuracy for each key number to clip eye image patches from each frame in the video. Since low- significantly. resolution smartphone front camera and poor lighting condition • We collect data from 12 participants in the experiment and may generate low-quality video, traditional methods can only ex- evaluate our approach on three commercial off-the-shelf An- tract coarse and imprecise eye contour images. Parts of the iris and droid smartphones. The result shows that an individual’s sclera may sometimes be excluded from the extracted patches in password can be effectively disclosed at an acceptable recov- such scenario. To obtain fine-grained eye contour images while ery rate. keeping the image preserving intact iris and sclera information, a precise method is highly desirable. Our investigation shows that the Maximum IsoCenter (MIC) based technique can precisely lo- 2 BACKGROUND AND RELATED WORK calize the pupil center even with low-quality images captured by 2.1 Threat Model smartphone front camera. Therefore, we can use the center position The basic assumption of threat lies in installing an untrusted ap- as the datum point and obtain the fine-grained eye contour image plication on smartphone. An increasing number of victims are by clipping a certain pixels in its horizontal and vertical direction, jeopardized by a wide variety of malicious apps [11] which can be respectively. 2) It is not a trivial task to extract keystroke eye im- installed in many ways, such as drive-by-download, silent installa- ages from the stream in order to recognize input passwords on the tion, and untrusted third-party market [6]. We therefore believe this number-only soft keyboard. Keystroke eye images capture a user’s assumption does make sense. The victim is also inquired whether eyes when typing a particular number. In reality, a user may not to grant front camera access permission to the malicious apps. immediately enter password after the front camera is launched. As Notwithstanding potential safety hazards associated with cameras a result, there appear some non-sensitive images at the beginning have been proposed in [17], this permission can still be acquired by of the video. Additionally, the duration of entering any key number disguising popular apps that have valid reasons for applying front is often short on an order of milliseconds. Therefore, keystroke eye camera access permission (e.g., selfie apps, mirror apps, and even images cannot be selected using standard methods such as fixed some game apps). We assume that malicious app is simply run in the time interval [9]. To address this challenge, we adopt similarity background as a standard app instead of being used to compromise which is measured by image histograms as the metric to distinguish any component of the device. We also assume that the malware can keystroke eye images. Since the
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages10 Page
-
File Size-