A smudge attack is an information extraction attack that
discerns the password input of a
touchscreen
A touchscreen or touch screen is the assembly of both an input ('touch panel') and output ('display') device. The touch panel is normally layered on the top of an electronic visual display of an information processing system. The display is ofte ...
device such as a cell phone or
tablet computer
A tablet computer, commonly shortened to tablet, is a mobile device, typically with a mobile operating system and touchscreen display processing circuitry, and a rechargeable battery in a single, thin and flat package. Tablets, being com ...
from fingerprint smudges. A team of researchers at the
University of Pennsylvania
The University of Pennsylvania (also known as Penn or UPenn) is a private research university in Philadelphia. It is the fourth-oldest institution of higher education in the United States and is ranked among the highest-regarded universitie ...
were the first to investigate this type of attack in 2010.
An attack occurs when an unauthorized user is in possession or is nearby the device of interest. The attacker relies on detecting the oily smudges produced and left behind by the user's fingers to find the pattern or code needed to access the device and its contents.
Simple cameras, lights,
fingerprint powder
Fingerprint powders are fine powders used, in conjunction with fingerprint brushes, by crime scene investigators and other law enforcement personnel to search for and enhance latent/invisible fingerprints that can be used to determine identificati ...
, and
image processing software
An image is a visual representation of something. It can be two-dimensional, three-dimensional, or somehow otherwise feed into the visual system to convey information. An image can be an artifact, such as a photograph or other two-dimensiona ...
can be used to capture the fingerprint deposits created when the user unlocks their device. Under proper lighting and camera settings, the finger smudges can be easily detected, and the heaviest smudges can be used to infer the most frequent input swipes or taps from the user.
Smudge attacks are particularly successful when performed on devices that offer
personal identification numbers (PINs), text-based passwords, and pattern-based passwords as locking options. There are various proposed countermeasures to mitigate attacks, such as
biometrics
Biometrics are body measurements and calculations related to human characteristics. Biometric authentication (or realistic authentication) is used in computer science as a form of identification and access control. It is also used to identify i ...
, TinyLock, and SmudgeSafe, all which are different authentication schemes.
Many of these methods provide ways to either cover up the smudges using a stroking method or implement randomized changes so previous logins are different from the current input.
Background
The smudge attack method against smartphone touch screens was first investigated by a team of
University of Pennsylvania
The University of Pennsylvania (also known as Penn or UPenn) is a private research university in Philadelphia. It is the fourth-oldest institution of higher education in the United States and is ranked among the highest-regarded universitie ...
researchers and reported at the 4th
USENIX Workshop on Offensive Technologies. The team classified the attack as a physical
side-channel attack
In computer security, a side-channel attack is any attack based on extra information that can be gathered because of the fundamental way a computer protocol or algorithm is implemented, rather than flaws in the design of the protocol or algori ...
where the side-channel is launched from the interactions between a finger and the touchscreen. The research was widely covered in the technical press, including reports on ''
PC Pro
''PC Pro'' is one of several computer magazines published monthly in the United Kingdom by Future plc. Its headquarters is in London. ''PC Pro'' also licenses individual articles (or even the whole magazine) for republication in various countri ...
'', ''
ZDNet
ZDNET is a business technology news website owned and operated by Red Ventures.
The brand was founded on April 1, 1991, as a general interest technology portal from Ziff Davis and evolved into an enterprise IT-focused online publication.
His ...
,'' and ''
Engadget
''Engadget'' ( ) is a multilingual technology blog network with daily coverage of gadgets and consumer electronics. ''Engadget'' manages ten blogs four of which are written in English and six have international versions with independent editor ...
.'' The researchers used the smudges left behind on two Android smartphones and were able to break the password fully 68% of the time and partially 92% of the time under proper conditions.
Once the threat was recognized,
Whisper Systems
Whisper Systems was an American enterprise mobile security company that was co-founded by security researcher Moxie Marlinspike and roboticist Stuart Anderson in 2010. The company was acquired by Twitter in November 2011. Some of the company's s ...
introduced an app in 2011 to mitigate the risk. The app provided their own versions of a pattern lock and PIN authentication that required users to complete certain tasks to cover up the smudges created during the authentication process. For the PIN verification option, the number options were vertically lined-up, and user were required to swipe downward over the smudged area. For the pattern lock, the app presented a 10x10 grid of stars the users had to swipe over and highlight before accessing the home screen.
Dangers
Interpreting the smudges on the screen requires less equipment, and there is less experience needed to be an attacker. In combination with the negative ramifications for victims of an attack, there is a lot of concern in relation to this type of attack. The smudge attack approach could also be applied to other touchscreen devices besides mobile phones that require an unlocking procedure, such as
automated teller machines (ATMs), home locking devices, and PIN entry systems in convenience stores. Those who use touchscreen devices or machines that contain or store personal information are at a risk of data breaches. The human tendency for minimal and easy-to-remember
PINs and patterns also lead to
weak passwords, and passwords from weak password subspaces increase the ease at which attackers can decode the smudges.
Smudge attacks are particularly dangerous since fingerprint smudges can be hard to remove from touchscreens, and the persistence of these fingerprints increases the threat of an attack. The attack does not depend on finding perfect smudge prints, and it is still possible for attackers to figure out the password even after cleaning the screen with clothing or with overlapping fingerprints.
Cha ''et al''.
in their paper, "Boosting the Guessing Attack Performance on Android Lock Patterns with Smudge Attacks," tested an attack method called smug that combined smudge attacks and pure guessing attacks. They found that even after the users were asked to use the Facebook app after unlocking the device, 31.94% of the phones were cracked and accessed.
Another danger of smudge attacks is that the basic equipment needed to perform this attack, a camera and lights, is easily obtainable. Fingerprint kits are also an accessible and additional, but not required, piece of equipment ranging from $30-$200. These kits increase the ease with which an attacker can successfully break into a phone in possession.
Types of attackers
The team at the University of Pennsylvania identified and considered two types of attackers: passive and active.
Active
An active attacker is classified as someone who has the device in hand and is in control of the lighting setup and angles. These attackers can alter the touchscreen in a way to better identify the PIN or pattern code by cleaning or using fingerprint powder.
A typical setup from an active attacker could include a mounted camera, the phone placed on a surface, and a single light source. Slight variations in the setup include the type and size of the light source and the distance between the camera and the phone. A more experienced attacker would pay closer attention to the angle of the light and camera, the lighting source, and the type of camera and lens used to get the best picture, taking into account the shadows and highlights when the light reflects.
Passive
A passive attacker is an observer who does not have the device in hand and instead has to perform an eavesdropping-type attack.
This means they will wait for the right opportunity to collect the fingerprint images until they can get in possession of the gadget. The passive attacker does not have control of the lighting source, the angle, the position of the phone, and the condition of the touchscreen. They are dependent on the authorized user and their location to get a good quality picture to crack the security code later on.
Methods and techniques
There are different steps and techniques that attackers use to isolate the fingerprint smudges to determine the lock pattern or PIN. The attacker first has to identify the exact touch screen area, any relevant smudges within that area, and any possible combination or pattern segments.
Preprocessing
In the cases where the fingerprints are not super visible to the eye, preprocessing is used to identify the most intact fingerprints determined by the number of ridge details they have. Selecting the fingerprints with the most ridge details differentiates between the user's fingerprints and those with whom the device is shared.
When pressing a finger down on the touch screen surface to create a fingerprint, the liquid from the edges of the ridges fill in the contact region. This fingerprint liquid is made up of substances from the
epidermis, the
secretory gland
Exocrine glands are glands that secrete substances on to an epithelial surface by way of a duct. Examples of exocrine glands include sweat, salivary, mammary, ceruminous, lacrimal, sebaceous, prostate and mucous. Exocrine glands are one of two ...
s, and extrinsic contaminants such as dirt or outside skin products. As the fingertip is lifted, the liquid also retracts, leaving behind the leftover traces.
Attackers are able to use fingerprint powder to dust over these oil smudges to unveil the visible fingerprint and their ridges. The powder can enhance the
diffuse reflection
Diffuse reflection is the reflection of light or other waves or particles from a surface such that a ray incident on the surface is scattered at many angles rather than at just one angle as in the case of specular reflection. An ''ideal'' di ...
, which reflects from rough surfaces and makes the dusted smudge more visible to the human eye. There are different powders to choose from based on the colors that best contrasts with the touchscreen and the environment. Examples of powders are aluminum, bronze, cupric oxide, iron, titanium dioxide, graphite, magnetic, and fluorescent powder. This dusting action also mimics the processes used in a crime scene investigation.
Preserving fingerprints
Preserving fingerprints utilizes a camera to capture multiple pictures of the fingerprint images or the keypad with different light variations. Generally,
high-resolution
Image resolution is the detail an image holds. The term applies to digital images, film images, and other types of images. "Higher resolution" means more image detail.
Image resolution can be measured in various ways. Resolution quantifies how cl ...
cameras and bright lights work the best for identifying smudges. The goal is to limit any reflections and isolate the clear fingerprints.
Visibility of objects
The visibility of the fingerprint relies on the light source, the reflection, and shadows. The touch screen and surface of a smart device can have different reflections that change how someone views the image of the fingerprint.
*
Diffuse Reflection
Diffuse reflection is the reflection of light or other waves or particles from a surface such that a ray incident on the surface is scattered at many angles rather than at just one angle as in the case of specular reflection. An ''ideal'' di ...
:
Incident ray
In optics a ray is an idealized geometrical model of light, obtained by choosing a curve that is perpendicular to the ''wavefronts'' of the actual light, and that points in the direction of energy flow. Rays are used to model the propagation o ...
s that are reflected at many angles and produced from rough surfaces. Diffuse reflection of light reflects the image of the fingerprint that the human eye can see. The techniques used in preprocessing and strong light enhances the diffuse reflection for a clearer photo.
*
Specular Reflection
Specular reflection, or regular reflection, is the mirror-like reflection of waves, such as light, from a surface.
The law of reflection states that a reflected ray of light emerges from the reflecting surface at the same angle to the surf ...
:
Incident ray
In optics a ray is an idealized geometrical model of light, obtained by choosing a curve that is perpendicular to the ''wavefronts'' of the actual light, and that points in the direction of energy flow. Rays are used to model the propagation o ...
s are reflected at one angle and produced from smooth surfaces. Specular reflection of light reflects a "virtual" image (since it doesn't produce light) that seems to come from behind the surface. An example of this is a mirror.
Mapping fingerprints to keypad
Fingerprint mapping uses the photographed smudge images to figure out what keys were used by laying the smudge images over the keypad or by comparing the image with a reference picture. Mapping the positions of smudges helps the attacker figure out which tapped keys were used by the authorized user. First, the fingerprints and keypad images are resized and processed to find the areas the corresponding fingerprints and keys occupy. Next, the Laplace edge detection algorithm is applied to detect the edges of the ridges of a finger, sharpen the overall fingerprint, and eliminate any of the background smudges. The photo is then converted into a
binary
Binary may refer to:
Science and technology Mathematics
* Binary number, a representation of numbers using only two digits (0 and 1)
* Binary function, a function that takes two arguments
* Binary operation, a mathematical operation that ta ...
image to create a contrast between the white fingerprints and the black background. Using this image with grid divisions also helps clarify where the user has tapped based on the locations with the largest number of white dots in each grid area.
Differentiating between multiple fingerprints
In the case that there are multiple users, grouping fingerprints can help classify which ones belong to each person. Fingerprints have both ridges and valleys, and differentiating them is determined by the overall and local ridge structure. There are three patterns of fingerprint ridges–
arch, loop, and
whorl
A whorl ( or ) is an individual circle, oval, volution or equivalent in a whorled pattern, which consists of a spiral or multiple concentric objects (including circles, ovals and arcs).
Whorls in nature
File:Photograph and axial plane floral ...
– that represent the overall structure, and the ridge endings or bifurcation represent the local structure or
minutiae
A fingerprint is an impression left by the friction ridges of a human finger. The recovery of partial fingerprints from a crime scene is an important method of forensic science. Moisture and grease on a finger result in fingerprints on surf ...
points.
Different algorithms incorporate these fingerprint traits and structure to group the fingerprints and identify the differences. Some examples of algorithms used are Filterbank, adjacent orientation vector (AOV) system, and correlation-filter.
* Filterbank requires whole fingerprints and cannot identify just the tips of the finger since it uses both the local and overall structure. The algorithm works by selecting a region of interest and dividing it into sectors. A feature vector with all the local features is formed after filtering each sector, and the Euclidean distance of the vectors of two fingerprint images can be compared to see if there is a match.
* Adjacent orientation vector system matches fingerprints based only on the number of minutiae pairs and the finger details rather than the global/overall structure of the finger. The algorithm works by numbering all of the ridges of the minutiae pairs and creating an AOV consisting of that number and the difference between adjacent minutiae orientations. The AOV score or distance of the two fingerprints are computed and checked against a threshold after fine matching to see if the fingerprints are the same.
* Correlation filter works with both whole fingers and fingertips. This algorithm works by using a correlation filter or training image of the fingerprint to the image to find the local and overall ridge pattern and ridge frequency. When verifying a fingerprint, the transformation is applied to the test image and multiplied by the results of applying the correlation filter on the person of interest. If the test subject and template match, there should be a large result.
Smudge-supported pattern guessing (smug)
Smug is a specific attack method that combines
image processing with sorting patterns to figure out pattern-based passwords. First, the attackers take a picture of the smudge area using an appropriate camera and lighting. Using an
image-matching algorithm, the captured image is then compared to a reference picture of the same device to properly extract a cropped picture focused on the smudges. Next, the smudge objects are identified using binary,
Canny edge detection, and Hough transformation to enhance the visibility of the fingerprint locations. Possible segments between the swipes and points are detected with an algorithm to form the target pattern. The segments are then filtered to remove unwanted and isolated edges to only keep the edges that follow the segment direction. These segments are identified by figuring out if the smudge between two grid points is part of a pattern after comparing the number of smudge objects against the set threshold. Lastly, these segments are used in a password model to locate potential passwords (e.g. ''n''-gram
Markov model
In probability theory, a Markov model is a stochastic model used to model pseudo-randomly changing systems. It is assumed that future states depend only on the current state, not on the events that occurred before it (that is, it assumes the Mark ...
). An experiment conducted found that this method was successful in unlocking 360 pattern codes 74.17% of the time when assisted by smudge attacks, an improvement from 13.33% for pure guessing attacks.
Types of vulnerable security methods
Smudge attacks can be performed on various smart device locking methods such as Android Patterns, PINs, and text-based passwords. All of these authentication methods require the user to tap the screen to input the correct combination, which leads to susceptibility to smudge attacks that look for these smudges.
Personal Identification Numbers (PINs)
''Main Article'':
Personal Identification Numbers
A personal identification number (PIN), or sometimes redundantly a PIN number or PIN code, is a numeric (sometimes alpha-numeric) passcode used in the process of authenticating a user accessing a system.
The PIN has been the key to facilitat ...
A
PIN
A pin is a device used for fastening objects or material together.
Pin or PIN may also refer to:
Computers and technology
* Personal identification number (PIN), to access a secured system
** PIN pad, a PIN entry device
* PIN, a former Dutch ...
is a four or six number code unique to the individual and is one of the most widely used authentication method for mobile phones at 78% of mobile phone users utilizing this function.
Four-digit PINs are mainly used by English users and six-digit PINs are used by users in Asia.
There are only 10 number options to choose from, and four-digit PINs have 10,000 different number combinations and six-digit PINs have 1,000,000. PINs are not only susceptible to smudge attacks but other attacks possible through direct observation like
shoulder-surfing attacks or just pure guessing like
brute-force attack
In cryptography, a brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correc ...
s. They are also used heavily in
electronic transactions or for using
ATMs and other banking situations. If a PIN is shared or stolen, the device or machine cannot detect whether the user is the rightful owner since it only relies on if the correct number is inputted. In relation to smudge attacks, this allows attackers to easily steal information since there is no other way to authenticate the user for who they actually are.
Text-based passwords
''Main Article'':
Password
A password, sometimes called a passcode (for example in Apple devices), is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but the large number of ...
s
Text-based passwords is a popular type of security measure that people use to lock their phones in an
alphanumeric
Alphanumericals or alphanumeric characters are a combination of alphabetical and numerical characters. More specifically, they are the collection of Latin letters and Arabic digits. An alphanumeric code is an identifier made of alphanumeric c ...
way. Users can use any combination of numbers, uppercase and lowercase letters, punctuation, and special characters to create their passwords. Touchscreen devices that use text-based passwords will contain fingerprint smudges in the location of corresponding numbers or letters on the alphanumeric keypad. Attackers can use this to perform the smudge attack. The downfall to text-based passwords is not only its vulnerability to smudge attacks but also the tendency of users to forget the password. This causes many users to use something that is easy to remember or to reuse multiple passwords across different platforms. These passwords fall under what is called a weak password subspace within the full password space and makes it easier for attackers to break in through
brute-force dictionary attacks.
An early study reviewed 3289 passwords, and 86% of them had some sort of structural similarity such as containing dictionary words and being short.
Draw-a-Secret (DAS)
''Main Article'':
Draw-a-Secret
Draw-a-Secret is a graphical authentication scheme that requires the users to draw lines or points on a two-dimensional grid. A successful authentication depends on if the user can exactly replicate the path drawn. Android Pattern Password is a version of Pass-Go that follows the concept of DAS.
Pass-Go
Pass-Go uses a grid so that there isn’t a need to store a graphical database and allows the user to draw a password as long as they want. Unlike DAS, the scheme relies on selecting the intersections on a grid instead of the cells on the screen, and users can also draw diagonal lines. Tao and Adam who proposed this method found that over their three month study, many people drew longer pattern passwords, which goes against the tendency to choose minimal and easy-to-remember passwords.
Android Pattern passwords
Android pattern lock is a graphical password method introduced by Google in 2008 where users create a pattern on a line-connecting 3x3 grid.
About 40% of Android users use pattern lock to secure their phones.
There are 389,112 possible patterns that the user can draw up. Each pattern must contain at least 4 points on the grid, use each contact point once, and cannot skip intermediate points between points unless it's been used earlier.
Touchscreen devices that use Android pattern lock will leave behind swipes that give away the right location and combination an attacker needs to unlock the phone as an unauthorized user. The security of Android pattern lock against smudge attacks was tested by researchers at the University of Pennsylvania, and from the swipes left behind from the drawn pattern, they were able to discern the code fully 68% of the time and partially 92% of the time under proper conditions.
Countermeasures
Physiological biometrics such as Android Face Unlock, iPhone
Touch ID
Touch ID is an electronic fingerprint recognition feature designed and released by Apple Inc. that allows users to unlock devices, make purchases in the various Apple digital media stores (iTunes Store, App Store, and Apple Books Store), and au ...
and
Face ID
Face ID is a facial recognition system designed and developed by Apple Inc. for the iPhone and iPad Pro. The system allows biometric authentication for unlocking a device, making payments, accessing sensitive data, providing detailed facial ex ...
, and Trusted Voice have been recently implemented in mobile devices as the main or alternative method of validation. There are also other novel ways that have potential to be a future security scheme but haven't been implemented yet into mainstream usage. Some of these ways avoid the requirement to input anything with their fingers and thus eliminating the ability for attackers to use smudges to determine the password lock.
Strong passwords
Although there are many countermeasures that help protect against smudge attacks, creating
secure passwords can be the first step to protecting a device. Some of the recommended steps are:
* Passwords should be at least 8 characters long. A longer password strays away from the weak password subspace and makes it harder for the attacker to interpret more fingerprint smudges
* Avoid using words in the dictionary as they can be more common and make the password weak.
* Change passwords frequently.
* Use randomly generated passwords. Random passwords prevent a user from selecting commonly used and easy-to-remember words that are easily susceptible to attacks.
* Avoid using the same password for every security authentication system. This prevents attackers from accessing other information if they happen to discover one of the passwords.
Although these are the recommended tips for stronger passwords, users can run out of strong password options they will remember and later forget the passcode after frequent changes. To avoid this, users tend to choose short, weaker passwords to make it more convenient and shorten the unlocking time.
Anti-fingerprint protection
Researchers have looked into anti-fingerprint properties that can allow people to keep their current password schemes and not worry about the leftover smudges. Surfaces that are able to repel the water and oils from the finger are called amphiphobic. Surfaces that have low
surface energy and surface transparency (low roughness) are typically anti-smudge due to their higher contact angles and low
molecular attraction
An intermolecular force (IMF) (or secondary force) is the force that mediates interaction between molecules, including the electromagnetic forces of attraction
or repulsion which act between atoms and other types of neighbouring particles, e.g. a ...
. Low molecular attraction means that there is little to no adhesion for the oil and water molecules to bind to the surface and leave behind a trace. However, achieving these properties while still functioning as a touchscreen is hard as the low surface energy alters the durability and functionality of the touchscreen itself.
With this research, various anti-smudge screen protectors have been put on the market such as Tech Armor's anti-glare and anti-fingerprint film screen protector and
ZAGG
Zagg (stylized in all-caps) is a company based in Midvale, Utah. It was originally called InvisibleShield. Under its subsidiaries, the company distributes phone and audio accessories.
History
In March 2005, InvisibleShield was created by P ...
's
InvisibleShield Premium Film and Glass Elite (
tempered glass
Tempered or toughened glass is a type of safety glass processed by controlled thermal or chemical treatments to increase its strength compared with normal glass. Tempering puts the outer surfaces into compression and the interior into tensi ...
) antimicrobial screen protectors. ZAGG markets its InvisibleShield as smudge resistant, glare resistant, and scratch proof. These phone accessories can range from 30 to 60 dollars.
There have also been various smartphones on the market that have been pitched as having an
oleophobic Lipophobicity, also sometimes called lipophobia (from the Greek λιποφοβία from λίπος ''lipos'' "fat" and φόβος ''phobos'' "fear"), is a chemical property of chemical compounds which means "fat rejection", literally "fear of fat". ...
coating, which resists oil to keep the touchscreen free from fingerprints. The oleophobic screen beads up any oil residuals, preventing them from sticking to the surface and making it easy to wipe finger residuals off without smearing. In July 2016, Blackberry released the
DTEK50
BlackBerry DTEK is an Android smartphone co-developed and distributed by BlackBerry Limited, and manufactured by TCL. DTEK comprises two models: DTEK50 which is a modified and rebranded variant of TCLs Alcatel Idol 4 (released 26 July 2016); an ...
smartphone with an oleophobic coating.
Other phone developers have used this for the touchscreens of their devices such as Apple's many generations of iPhones,
Nokia
Nokia Corporation (natively Nokia Oyj, referred to as Nokia) is a Finnish multinational telecommunications, information technology, and consumer electronics corporation, established in 1865. Nokia's main headquarters are in Espoo, Finland, i ...
, and
Lumia. and
HTC Hero
HTC Hero (marketed as T-Mobile G2 Touch by T-Mobile in the UK, Austria, Germany, Croatia, the Netherlands, Slovakia, and Hungary; and as Era G2 Touch in Poland) is the third phone manufactured by HTC running the Android platform, announced on Ju ...
.
Biometrics
Biometrics
Biometrics are body measurements and calculations related to human characteristics. Biometric authentication (or realistic authentication) is used in computer science as a form of identification and access control. It is also used to identify i ...
is a type of
authentication
Authentication (from ''authentikos'', "real, genuine", from αὐθέντης ''authentes'', "author") is the act of proving an assertion, such as the identity of a computer system user. In contrast with identification, the act of indicatin ...
that identifies a user based on their behavior or physical characteristics, such as
keystrokes
In programming and software design, an event is an action or occurrence recognized by software, often originating asynchronously from the external environment, that may be handled by the software. Computer events can be generated or triggered ...
,
gait, and
facial recognition rather than what one can recall or memorize.
A biometrics system takes the unique features from the individual and records them as a biometric template, and the information is compared with the current captured input to authenticate a user. Biometrics is categorized as either physiological or behavioral by the US
National Science and Technology Council’s Subcommittee (NSTC) on Biometrics.
This type of security can serve as a secondary protection to traditional password methods that are susceptible to smudge attacks on their own since it doesn't rely on entering a memorized number or pattern or recalling an image. Research conducted on biometric authentication found that a mix or hybrid of biometrics and traditional passwords or PINs can improve the security and usability of the original system.
One of the downsides to biometrics is mimicry attacks where the attackers mimic the user. This can increase the vulnerability of the device if attackers turn to methods that allow them to copy the victim’s behavior. Some of these methods include using a reality-based app that guide attackers when entering the victim’s phone or using transparent film with pointers and audio cues to mimic the victim’s behavior. Another vulnerability is that the biometric template can be leaked or stolen through hacking or other various means to unauthorized people.
A possible solution to any theft, leak, or mimicry are fingerprint template protection schemes as they make it difficult for attackers to access the information through
encryption
In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can de ...
and added techniques.
Physiological
Physiological biometrics authenticates a user based on their human characteristics. Measuring the characteristics unique to each individual creates a stable and mostly consistent mechanism to authenticate a person since these features do not change very quickly. Some examples of physiological biometric authentication methods are listed below.
*
Iris recognition
Iris recognition is an automated method of biometric identification that uses mathematical pattern-recognition techniques on video images of one or both of the irises of an individual's eyes, whose complex patterns are unique, stable, and can ...
*
Fingerprint recognition
*
Hand geometry
Hand geometry is a biometric that identifies users from the shape of their hands. Hand geometry readers measure a user's palm and fingers along many dimensions including length, width, deviation, and angle and compare those measurements to meas ...
*
Facial recognition
Behavioral
Behavioral biometrics authenticates a user based on the behavior, habits, and tendencies of the true user. Some examples include
voice recognition,
gait, hand-waving, and
keystroke dynamics
Keystroke dynamics, keystroke biometrics, typing dynamics and typing biometrics refer to the detailed timing information that describes when each key was pressed and released as a person is typing on a computer keyboard.
Science
The behavioura ...
.
The schemes listed below have been proposed to specifically protect from smudge attacks.
* ''Touch-Interaction'': Touch-interaction is a proposed way of authenticating a user based on their interactions with the touch screen such as tapping or sliding. There are two types: static that checks the user once and continuous that checks the user multiple times. The convenience of this method is that it doesn't require extra sensors and can check and monitor the user in the background without the help or attention of the user. Chao ''et al.'' describes the process in which the up, down, right, and left motions are checked in terms of the position of the finger, the length of the swipe, the angle, the time it takes, the velocity, acceleration, and finger pressure. In their conducted experiment, they tested on how usable and reliable the touch-based method is and found that all of the touch operations were stable and blocked unauthorized users with an expected error rate of 1.8%. However, there are still other factors like the smartphone type, the software, environment, familiarity of the phone, and physical state of the user that could create variability and thus a higher rate of error.
* ''BEAT'' : This specific unlocking method is called BEAT, which authenticates the behavior of the user or how they perform a gesture or signature. A
gesture is swiping or pinching the touch screen, and a
signature scheme requires the user to sign their name. This method is secure from smudge attacks and also does not need extra hardware. BEAT works by first asking the user to perform the action 15 to 20 times to create a model based on how they performed the action to use for authentication. The features identified are velocity magnitude, device acceleration, stroke time, inter-stroke time, stroke displacement magnitude, stroke displacement direction, and velocity direction.
Machine learning
Machine learning (ML) is a field of inquiry devoted to understanding and building methods that 'learn', that is, methods that leverage data to improve performance on some set of tasks. It is seen as a part of artificial intelligence.
Machine ...
techniques are then applied to determine whether the user is legitimate or not. An experiment was conducted using the BEAT method on Samsung smartphones and tablets and found that after collecting 15,009 gesture samples and 10,054 signature samples, the error rate of 3 gestures is 0.5% and about 0.52% for one signature.
SmudgeSafe
SmudgeSafe is another authentication method protected from smudge attacks that uses
2-dimension image transformations to rotate, flip, or scale the image at the login screen page. The user will draw a graphical password shaper created from the points on an image as usual, but the image will look different every time the user logs in. The changes done on the image are randomized, so previous login smudges do not give hints to attackers on what the input is. To ensure that the transformations applied will significantly change the locations of the password points, the area of these specific locations on the image is restricted. In a study comparing SmudgeSafe's graphical authentication method to lock patterns and PINs, SmudgeSafe performed the best with a mean of 0.51 passwords guessed per participant. The pattern lock had a mean of 3.50 and PINs had a mean of 1.10 passwords correctly guessed per participant.
TinyLock
TinyLock was proposed by Kwon et al.
and uses two grids; the top one is for the pressed cells for the confirmation process, and the bottom one is a drawing pad for the authentication process.
The top grid is used to notify the user by flickering and vibrating if the user is on the correct initial dot before they start drawing. The bottom half of the screen contains a tiny 3 x 3 grid used for drawing the secret password. The grid is much smaller in size compared to traditional pattern locks, which forces the user to draw in a confined space to squeeze all the smudges in a small area. This method mitigates smudge attacks because the smudges are all smushed together, and the users are required to draw a circular virtual wheel in either direction after drawing the pattern password. However, this method is not completely free from shoulder-surfing attacks.
Also, another drawback is the grid dots are hard to visualize due to the small size, which makes it difficult to draw complex patterns and unlock without error.
ClickPattern
ClickPattern uses a 3 x 3 grid labeled one through nine, and the user has to click on the nodes that correlate with the end of a drawn line to prevent swiping on the screen. Doing this creates smudges that are harder to distinguish from normal screen usage. If anything, the smudges created will reveal the nodes used but not the pattern, thus being more protected from smudge attacks than Android pattern lock. On the lock screen, ClickPattern consists of these three components:
* Grid 3 x 3
* Table numbered 1- 9
* Okay and Undo Button
The user is authenticated when the inputted pattern is the same as the original pattern and in the same exact order and direction. To create a valid pattern, the pattern must have at least 4 points and none of them can be used more than once. The pattern will also always contain dots in between a sequence, even though it does not necessarily need to be clicked. Users can also go through previously used dots to access an unused node.
Multi-touch authentication with Touch with Fingers Straight and Together (TSFT)
This multi-touch authentication uses geometric and behavioral characteristics to verify users on a touch screen device. According to Song ''et al''.,
this TFST gesture takes an average of 0.75 seconds to unlock, is very easy to use, and simple to follow. The user puts two to four fingers together in a straight position, decreasing the amount of surface compared to other multi-touch methods. With the fingers in this fixed hand posture, the user can choose to either trace a simple or complex pattern, and the screen will pick up the positions of the fingers and record each trace movement in the form of touch events. These touch events account for the X and Y-coordinates, the amount of pressure applied, the finger size, the timestamp, and the size of the touched area, and are compared to the template created during the registration process.
The physiological features or
hand geometry
Hand geometry is a biometric that identifies users from the shape of their hands. Hand geometry readers measure a user's palm and fingers along many dimensions including length, width, deviation, and angle and compare those measurements to meas ...
include a measurement between possible strokes from the performed gesture. Horizontal strokes track the finger length differences, and vertical strokes track the finger width. Since the user always places their fingers in a straight position, the measurements of the finger will stay the same and provide consistent verification. Lastly, there are behavioral features that are traced, specifically the length of the stroke, the time it takes, the velocity of the stroke, the tool or the area for each touch point in relation to finger size, the touch area size, the pressure applied, and the angle of the stroke. For one stroke, there are 13 behavioral features, and this increases to 26, 39, and 52 for up to four strokes.
Bend passwords
With new technology geared towards creating a
flexible display
A flexible display or rollable display is an electronic visual display which is flexible in nature, as opposed to the traditional flat screen displays used in most electronic devices. In recent years there has been a growing interest from nume ...
for smartphone devices, there are more opportunities to create novel authentication methods. Bend passwords are an original type of password authentication used for flexible screens. It involves different bend gestures that the users perform by twisting or disfiguring the display surface, and there are a total of 20 gestures currently available. The bending can be a part of a single gesture by individually bending one of the four corners of the display or part of a multi-bend gesture by simultaneously bending pairs of corners.
Fractal-Based Authentication Technique (FBAT)
A new proposed authentication method called Fractal-Based Authentication Technique (FBAT) uses
Sierpinski’s Triangle to authenticate users. This process combines recognition-based and cued recall-based authentication as the users have to recognize and click on their personal pre-selected color triangles as the level of triangles increases. For smartphones, the level of triangles is set at 3 due to the limited size of the touch screen, but it can increase for bigger tablets. At level 3, the probability that an attacker will guess the password is 0.13%. Recognition-based requires users to recognize pre-selected images and cued recall-based graphical requires users to click on pre-selected points on an image. In the Sierpinski triangle, a selected colored pattern is created during the registration and is hidden in the device. To authenticate themselves, a user must select the correct pattern in each level while the triangles randomly shuffle. Since the colored triangles are randomly generated, they can be found in different locations for every authentication, thus leaving smudges behind that do not give any clues to potential attackers. This technique can be used on Android devices, ATM machines, laptops, or any device that uses authentication to unlock.
2 x 2 and 1 x 2 Knock Code
Knock Code
The tap code, sometimes called the knock code, is a way to encode text messages on a letter-by-letter basis in a very simple way. The message is transmitted using a series of tap sounds, hence its name.
The tap code has been commonly used by pri ...
is authentication method introduced by
LG Electronics
LG Electronics Inc. () is a South Korean multinational electronics company headquartered in Yeouido-dong, Seoul, South Korea. LG Electronics is a part of LG Corporation, the fourth largest '' chaebol'' in South Korea, and often considered a ...
that allows users to unlock a phone without turning it on by tapping the correct area in the right sequence. The screen is split into four sections, with the vertical and horizontal lines changing.
There are two variations of Knock Code that have been proposed—the 2 x 2 and 1 x 2 knock code. These variations can protect against smudge attacks due to the sliding operations that erase the knocking at the end after the taps are inputted. In a user study that compared the original Knock Code and the Android Pattern Lock, these variation schemes were more resistance to smudge attacks.
* 2 x 2 knock code: The 2 x 2 knock code adds the sliding gesture which helps increase the amount of password combinations to about 4.5 billion ways or 53 thousand times bigger than the original Knock Code. This scheme uses four parts of the grid and aims to decrease the amount of gestures performed while still having a high level of security.
* 1 x 2 knock code: The 1 x 2 scheme also uses sliding operations but decreases the amount of areas to two that are side-to-side. Flexible area recognition, which is the algorithm used, doesn’t allow sliding operations in the same area for convenience, and the user only has to use their thumb to unlock the phone. The amount of passwords in the subspace is the exact same as the original Knock Code.
Future
There has been movement towards physiological biometric authentication in current smartphone security such as fingerprint and facial recognition that allow the user to replace their PINs and alphanumeric passcodes.
However, even new and advanced authentication methods have flaws and weaknesses that users can take advantage of. For example, in an examination of touch authentication, researchers observed similar swiping behavior and finger pressure in a large number of phone users, and this generic information can aid attackers in performing successful attacks.
Research on biometrics and multi-gesture authentication methods is continuing to help combat attacks on traditional passwords and eliminate the vulnerabilities of novel schemes as new trends and new technology are developed.
See also
*
Biometric Points
In order to identify a person, a security system has to compare personal characteristics with a database. A scan of a person's iris, fingerprint, face, or other distinguishing feature is created, and a series of biometric points are drawn at key lo ...
*
Keystroke dynamics
Keystroke dynamics, keystroke biometrics, typing dynamics and typing biometrics refer to the detailed timing information that describes when each key was pressed and released as a person is typing on a computer keyboard.
Science
The behavioura ...
*
Lock screen
A lock screen is a computer user interface element used by various operating systems. They regulate immediate access to a device by requiring the user to perform a certain action in order to receive access, such as entering a password, using a cert ...
*
Password Strength
Password strength is a measure of the effectiveness of a password against guessing or brute-force attacks. In its usual form, it estimates how many trials an attacker who does not have direct access to the password would need, on average, to gues ...
*
Mobile Security
Mobile security, or mobile device security, is the protection of smartphones, tablets, and laptops from threats associated with wireless computing. It has become increasingly important in mobile computing. The security of personal and business ...
*
Shoulder-surfing
*
Lipophobicity Lipophobicity, also sometimes called lipophobia (from the Greek λιποφοβία from λίπος ''lipos'' "fat" and φόβος ''phobos'' "fear"), is a chemical property of chemical compounds which means " fat rejection", literally "fear of fat ...
References
{{reflist
Computer security exploits