Secure fingertip mouse for mobile devices

Various attacks may disclose sensitive information such as the passwords of mobile devices. Residue-based attacks exploit oily or heat residues on the touch screen, computer-vision-based attacks analyze the hand movement on a keyboard, and sensor-based attacks measure differences in a device's motion via motion sensors as different keys are tapped. A randomized soft keyboard may defeat these attacks. However, a randomized key layout is counter-intuitive and users may be reluctant to adopt it. In this paper, we introduce a novel and intuitive input system, the secure finger mouse, which uses a mobile device's camera to sense fingertip movement, moves an on-screen cursor, and performs clicks by sensing click gestures. We design a randomized mouse acceleration algorithm so that the adversary cannot infer the keys clicked on the soft keyboard by observing the finger movement. The secure finger mouse can also defeat residue-based, computer-vision-based and motion-based attacks. We perform both theoretical analysis and real-world experiments to demonstrate the security and usability of the secure fingertip mouse.
