Security side channels enabled by smartphone user interaction.

Format:

Book

Thesis/Dissertation

Author/Creator:

Aviv, Adam J.

Contributor:

McDaniel, Patrick, committee member.

Zdancewic, Steve, committee member.

Martin, Milo, committee member.

Loo, Boon Thau, committee member.

Blaze, Matt, advisor.

Smith, Jonathan M., advisor.

University of Pennsylvania. Computer and Information Science.

Language:

English

Subjects (All):

Computer science.

Computer Science.

0984.

Penn dissertations--Computer and information science.

Computer and information science--Penn dissertations.

Local Subjects:

Computer Science.

Penn dissertations--Computer and information science.

Computer and information science--Penn dissertations.

0984.

Physical Description:

132 pages

Contained In:

Dissertation Abstracts International 74-05B(E).

System Details:

Mode of access: World Wide Web.

text file

Summary:

As smartphones become ever more present and interwoven into the daily computing of individuals, a broader perspective of the differences between computer security and smartphone security must be considered. As a general purpose computer, smartphones inherently suffer from all the same computer security issues as traditional computers; however, there exists fundamental differences between smartphones and traditional computing in how we interact with smartphones via the touchscreen. Smartphones interaction is physical, hand-held, and tactile, and this thesis shows how this interaction leads to new side channel vulnerabilities.

This is demonstrated through the study of two side channels: One based on external smartphone observations via photographic and forensic evidence, and the other based on internal smartphone observations via the smartphone's on-board sensors. First, we demonstrate a smudge attack, a side channel resulting from oily residues remaining on the touch screen surface post user input. We show that these external observations can reveal users' Android password patterns, and we show that properties of the Android password pattern, in particular, render it susceptible to this attack. Next, we demonstrate a sensor-based side channel that leverages the smartphones internal on-board sensor, particularly the accelerometer, to surreptitiously learn about user input. We show that such attacks are practical; however, broad dictionary based attacks may be challenging.

The contributions of this thesis also speak to the future of security research as new computing platforms with new computing interfaces are developed. We argue that a broad perspective of the security of these new devices must be considered, including the computing interface.

Notes:

Thesis (Ph.D. in Computer and Information Science) -- University of Pennsylvania, 2012.

Source: Dissertation Abstracts International, Volume: 74-05(E), Section: B.

Advisers: Jonathan M. Smith; Matt Blaze.

Local Notes:

School code: 0175.

ISBN:

9781267880574

Access Restriction:

Restricted for use by site license.