We introduce quantitative usability and security models to guide the design of password management schemes — systematic strategies to help users create and remember multiple passwords. In the same way that security proofs in cryptography are based on complexity-theoretic assumptions (e.g., hardness of factoring and discrete logarithm), we quantify usability by introducing usability assumptions. In particular, password management relies on assumptions about human memory, e.g., that a user who follows a particular rehearsal schedule will successfully maintain the corresponding memory. These assumptions are informed by research in cognitive science and can be tested empirically. Given rehearsal requirements and a user’s visitation schedule for each account, we use the total number of extra rehearsals that the user would have to do to remember all of his passwords as a measure of the usability of the password scheme. Our usability model leads us to a key observation: password reuse benefits users not only by reducing the number of passwords that the user has to memorize, but more importantly by increasing the natural rehearsal rate for each password. We also present a security model which accounts for the complexity of password management with multiple accounts and associated threats, including online, offline, and plaintext password leak attacks. Observing that current password management schemes are either insecure or unusable, we present Shared Cues — a new scheme in which the underlying secret is strategically shared across accounts to ensure that most rehearsal requirements are satisfied naturally while simultaneously providing strong security. The construction uses the Chinese Remainder Theorem to achieve these competing goals.
Today’s smartphones provide services and uses that required a panoply of dedicated devices not so long ago. With them, we listen to music, play games or chat with our friends; but we also read our corporate email and documents, manage our online banking; and we have started to use them directly as a means of payment. In this paper, we aim to raise awareness of side-channel attacks even when strong isolation protects sensitive applications. Previous works have studied the use of the phone accelerometer and gyroscope as side channel data to infer PINs. Here, we describe a new side-channel attack that makes use of the video camera and microphone to infer PINs entered on a number-only soft keyboard on a smartphone. The microphone is used to detect touch events, while the camera is used to estimate the smartphone’s orientation, and correlate it to the position of the digit tapped by the user. We present the design, implementation and early evaluation of PIN Skimmer, which has a mobile application and a server component. The mobile application collects touch-event orientation patterns and later uses learnt patterns to infer PINs entered in a sensitive application. When selecting from a test set of 50 4-digit PINs, PIN Skimmer correctly infers more than 30% of PINs after 2 attempts, and more than 50% of PINs after 5 attempts on android-powered Nexus S and Galaxy S3 phones. When selecting from a set of 200 8-digit PINs, PIN Skimmer correctly infers about 45% of the PINs after 5 attempts and 60% after 10 attempts. It turns out to be difficult to prevent such side-channel attacks, so we provide guidelines for developers to mitigate present and future side-channel attacks on PIN input.
The large-scale collection and exploitation of personal information to drive targeted online advertisements has raised privacy concerns. As a step towards understanding these concerns, we study the relationship between how much information is collected and how valuable it is for advertising. We use HTTP traces consisting of millions of users to aid our study and also present the first comparative study between aggregators. We develop a simple model that captures the various parameters of today’s advertising revenues, whose values are estimated via the traces. Our results show that per aggregator revenue is skewed (5% accounting for 90% of revenues), while the contribution of users to advertising revenue is much less skewed (20% accounting for 80% of revenue). Google is dominant in terms of revenue and reach (presence on 80% of publishers). We also show that if all 5% of the top users in terms of revenue were to install privacy protection, with no corresponding reaction from the publishers, then the revenue can drop by 30%.
Google is a dominant player in the online ad industry, with presence on 80% of publishers in our datasets, with highest revenues as a demand aggregator but is not the top publisher in terms of revenue,
Facebook is increasing its presence around the Web with their ‘Like’ button, reaching 23% of publishers,
A few demand aggregators account for most of the revenue (5% accounting for 90% of revenues), however, users’ contribution to advertising revenue is much less skewed (20% accounting for 80% of revenue),
Popular publishers account for highest revenues, while less popular ones have low revenues.
Adoption of DNT and/or Ad Blocking can (has the potential to):
decrease revenue by 75% if blocking is adopted by all users, absent counter-countermeasures from aggregators & publishers, e.g. QpQ (context & explanation in Section 5);
decrease revenue by 30%-60% if blocking is adopted by the top 5% of users (the valuable users).
Behavioral Targeting (BT) is a technique used by online advertisers to increase the effectiveness of their campaigns, and is playing an increasingly important role in the online advertising market. However, it is underexplored in academia how much BT can truly help online advertising in search engines. In this paper we provide an empirical study on the click-through log of advertisements collected from a commercial search engine. From the experiment results over a period of seven days, we draw three important conclusions:
Users who clicked the same ad will truly have similar behaviors on the Web;
Click-Through Rate (CTR) of an ad can be averagely improved as high as 670% by properly segmenting users for behavioral targeted advertising in a sponsored search;
Using short term user behaviors to represent users is more effective than using long term user behaviors for BT.
We conducted statistical t-test which verified that all conclusions drawn in the paper are statistically significant. To the best of our knowledge, this work is the first empirical study for BT on the click-through log of real world ads.
Android uses a permission-based security model to restrict applications from accessing private data and privileged resources. However, the permissions are assigned at the application level, so even untrusted third-party libraries, such as advertisement, once incorporated, can share the same privileges as the entire application, leading to over-privileged problems.
We present AFrame, a developer friendly method to isolate untrusted third-party code from the host applications. The isolation achieved by AFrame covers not only the process/permission isolation, but also the display and input isolation. Our AFrame framework is implemented through a minimal change to the existing Android code base; our evaluation results demonstrate that it is effective in isolating the privileges of untrusted third-party code from applications with reasonable performance overhead.
Today’s smartphone operating systems frequently fail to provide users with adequate control over and visibility into how third-party applications use their private data. We address these shortcomings with TaintDroid, an efficient, system-wide dynamic taint tracking and analysis system capable of simultaneously tracking multiple sources of sensitive data. TaintDroid provides realtime analysis by leveraging Android’s virtualized execution environment. TaintDroid incurs only 14% performance overhead on a CPU-bound micro-benchmark and imposes negligible overhead on interactive third-party applications. Using TaintDroid to monitor the behavior of 30 popular third-party Android applications, we found 68 instances of potential misuse of users’ private information across 20 applications. Monitoring sensitive data with TaintDroid provides informed use of third-party applications for phone users and valuable input for smartphone security service firms seeking to identify misbehaving applications.