DOI: 10.1145/2897845.2897847

Friend or Foe?: Your Wearable Devices Reveal Your Personal PIN

Published: 30 May 2016

Abstract

The proliferation of wearable devices, e.g., smartwatches and activity trackers, with embedded sensors has already shown great potential for monitoring and inferring human daily activities. This paper reveals a serious security breach of wearable devices in the context of divulging secret information (i.e., key entries) while people access key-based security systems. Existing methods of obtaining such secret information rely on installations of dedicated hardware (e.g., video camera or fake keypad), or training with labeled data from body sensors, which restricts use cases in practical adversary scenarios. In this work, we show that a wearable device can be exploited to discriminate mm-level distances and directions of the user's fine-grained hand movements, which enables attackers to reproduce the trajectories of the user's hand and further to recover the secret key entries. In particular, our system confirms the possibility of using embedded sensors in wearable devices, i.e., accelerometers, gyroscopes, and magnetometers, to derive the moving distance of the user's hand between consecutive key entries regardless of the pose of the hand. Our Backward PIN-Sequence Inference algorithm exploits the inherent physical constraints between key entries to infer the complete user key entry sequence. Extensive experiments are conducted with over 5000 key entry traces collected from 20 adults for key-based security systems (i.e., ATM keypads and regular keyboards) through testing on different kinds of wearables. Results demonstrate that such a technique can achieve 80% accuracy with only one try and more than 90% accuracy with three tries. To our knowledge, this is the first technique that reveals personal PINs leveraging wearable devices without the need for labeled training data and contextual information.

Published In

ASIA CCS '16: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security
May 2016
958 pages
ISBN:9781450342339
DOI:10.1145/2897845

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. hand movement trajectory recovery
  2. leakage of pin
  3. pin sequence inference
  4. privacy leakage
  5. wearable devices

Qualifiers

  • Research-article

Conference

ASIA CCS '16
Acceptance Rates

ASIA CCS '16 Paper Acceptance Rate 73 of 350 submissions, 21%;
Overall Acceptance Rate 418 of 2,322 submissions, 18%
