A Case Study of Usable Security: Usability Testing of Android Privacy Enhancing Keyboard

  • Conference paper
Wireless Algorithms, Systems, and Applications (WASA 2017)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 10251)

Abstract

We invent a novel context-aware privacy enhancing keyboard (PEK) for touch-enabled devices to keep users safe from various password inference attacks. When a user inputs normal text such as an email or a message, PEK shows a normal QWERTY keyboard. However, every time a user of a touch-enabled device presses a password input box on the screen, PEK randomly shuffles the positions of the characters on the keyboard and shows this randomized keyboard to the user. PEK was released on Google Play in 2014, but the number of installations is currently below our expectation. For the purpose of usable security and privacy, we design a two-stage usability test and perform extensive experiments to evaluate the user experience of PEK and discover the reason behind the lukewarm adoption of PEK. Based on the feedback from the usability tests, we implement two new features to improve PEK.

Acknowledgments

This work was supported in part by National Natural Science Foundation of China under grants 61502100, 61532013, 61402104, 61572130, 61602111, 61632008, and 61320106007, by US NSF grants 1461060, 1642124, 1547428, and CNS 1350145, by University System of Maryland Fund, by Jiangsu Provincial Natural Science Foundation of China under grants BK20150637 and BK20140648, by Jiangsu Provincial Key Technology R&D Program under grants BE2014603, by Jiangsu Provincial Key Laboratory of Network and Information Security under grants BM2003201, by Key Laboratory of Computer Network and Information Integration of Ministry of Education of China under grants 93K-9 and by Collaborative Innovation Center of Novel Software Technology and Industrialization. Any opinions, findings, conclusions, and recommendations in this paper are those of the authors and do not necessarily reflect the views of the funding agencies.

Author information

Corresponding author

Correspondence to Zhen Ling.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Ling, Z. et al. (2017). A Case Study of Usable Security: Usability Testing of Android Privacy Enhancing Keyboard. In: Ma, L., Khreishah, A., Zhang, Y., Yan, M. (eds) Wireless Algorithms, Systems, and Applications. WASA 2017. Lecture Notes in Computer Science, vol 10251. Springer, Cham. https://doi.org/10.1007/978-3-319-60033-8_61

  • DOI: https://doi.org/10.1007/978-3-319-60033-8_61

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-60032-1

  • Online ISBN: 978-3-319-60033-8

  • eBook Packages: Computer Science (R0)
