Abstract
We invent a novel context-aware privacy enhancing keyboard (PEK) for touch-enabled devices to keep users safe from various password inference attacks. When a user enters normal text such as an email or a message, PEK shows a normal QWERTY keyboard. However, every time a user of a touch-enabled device presses a password input box on the screen, PEK randomly shuffles the positions of the characters on the keyboard and shows this randomized keyboard to the user. PEK was released on Google Play in 2014, but the number of installations is currently below our expectations. For the purpose of usable security and privacy, we design a two-stage usability test and perform extensive experiments to evaluate the user experience of PEK and discover the reason behind the lukewarm uptake of PEK. Based on the feedback from the usability tests, we implement two new features to improve PEK.
Acknowledgments
This work was supported in part by National Natural Science Foundation of China under grants 61502100, 61532013, 61402104, 61572130, 61602111, 61632008, and 61320106007, by US NSF grants 1461060, 1642124, 1547428, and CNS 1350145, by University System of Maryland Fund, by Jiangsu Provincial Natural Science Foundation of China under grants BK20150637 and BK20140648, by Jiangsu Provincial Key Technology R&D Program under grants BE2014603, by Jiangsu Provincial Key Laboratory of Network and Information Security under grants BM2003201, by Key Laboratory of Computer Network and Information Integration of Ministry of Education of China under grants 93K-9 and by Collaborative Innovation Center of Novel Software Technology and Industrialization. Any opinions, findings, conclusions, and recommendations in this paper are those of the authors and do not necessarily reflect the views of the funding agencies.
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Ling, Z. et al. (2017). A Case Study of Usable Security: Usability Testing of Android Privacy Enhancing Keyboard. In: Ma, L., Khreishah, A., Zhang, Y., Yan, M. (eds) Wireless Algorithms, Systems, and Applications. WASA 2017. Lecture Notes in Computer Science, vol 10251. Springer, Cham. https://doi.org/10.1007/978-3-319-60033-8_61
DOI: https://doi.org/10.1007/978-3-319-60033-8_61
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-60032-1
Online ISBN: 978-3-319-60033-8
eBook Packages: Computer Science, Computer Science (R0)