IvoriWatch: Exploring Transparent Integrity Verification of Remote User Input Leveraging Wearables

Prakash Shrestha, Zengrui Liu, Nitesh Saxena
Annual Computer Security Applications Conference (ACSAC), published 2020-12-07. DOI: 10.1145/3427228.3427279 (https://doi.org/10.1145/3427228.3427279). Citations indexed: 0.

Abstract

Several sensitive operations, such as financial transactions, email composition, and configuration of safety-critical devices (e.g., medical devices or smart home systems), are often performed via web interfaces from a host machine, usually a desktop or laptop PC. It is typically easy to secure the communication link between the local host machine and the remote server, for example via a standard cryptographic protocol (e.g., TLS). However, if the host machine itself is compromised by a trojan or other malware, the adversary can manipulate the user-provided input (e.g., money transfer information, email content, or configuration data), which can lead to severe consequences, including financial loss, reputational damage, security breaches, and even danger to human lives. In this paper, we introduce the notion of integrity verification for user-provided input leveraging a wrist-worn wearable device (e.g., a watch or a bracelet). Specifically, we propose IvoriWatch, a transparent and secure integrity verification mechanism that inspects the user-provided input sent from a (possibly compromised) host machine to a remote server for its integrity before the server acts upon that input. IvoriWatch requires the user to wear a wrist-wearable (on one hand, or on both hands for better security). It verifies the validity of the payload/input received at the remote server by comparing the sequence of keyboard regions (left or right) that the payload corresponds to with the sequence predicted from the wrist motions captured by the wearable. The input is considered legitimate only when it sufficiently correlates with the wrist motion data. We build a prototype implementation of IvoriWatch on an Android smartwatch as the wrist-wearable and a desktop PC terminal as the host machine, and evaluate it under benign and adversarial settings.
Our results suggest that IvoriWatch can correctly detect legitimate input in the benign setting, and manipulated as well as unintended input from a malicious program in the adversarial settings, with minimal errors. Although IvoriWatch uses wrist movements for integrity verification, it is not a biometric scheme.
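The server-side comparison step the abstract describes, reduced to its core as an added example (this is not the IvoriWatch authors' code, and the paper's own motion model, comparison method and thresholds are not on this page). The payload the server receives is mapped to the left/right keyboard-region sequence that typing it would produce, and that sequence is scored against the region sequence predicted from the wrist motion. The QWERTY hand split, the LCS-based similarity, the 0.9 threshold and the sample payloads and predicted sequence are all this example's assumptions:

```python
"""Added illustration of IvoriWatch-style input verification (not the paper's code).

Server side: map the received payload to a keyboard-region sequence ('L'/'R')
and accept it only if that sequence correlates sufficiently with the sequence
predicted from the wearable's wrist-motion data. The hand split, similarity
metric, threshold and sample data below are assumptions of this example.
"""

# Assumed split of a QWERTY keyboard for a two-handed touch typist.
LEFT_KEYS = set("`12345qwertasdfgzxcvb")
RIGHT_KEYS = set("67890-=yuiop[]\\hjkl;'nm,./")


def region_sequence(payload: str) -> str:
    """Map each keystroke of the payload to 'L' or 'R'.

    Case is ignored (Shift is treated as free). The space bar and any
    character outside both sets are skipped: either hand may produce them,
    so they carry no left/right signal.
    """
    return "".join(
        "L" if ch in LEFT_KEYS else "R"
        for ch in payload.lower()
        if ch in LEFT_KEYS or ch in RIGHT_KEYS
    )


def lcs_length(a: str, b: str) -> int:
    """Length of the longest common subsequence (classic O(len(a)*len(b)) DP)."""
    prev = [0] * (len(b) + 1)
    for x in a:
        cur = [0]
        for j, y in enumerate(b, 1):
            cur.append(prev[j - 1] + 1 if x == y else max(prev[j], cur[j - 1]))
        prev = cur
    return prev[-1]


def similarity(observed: str, predicted: str) -> float:
    """Alignment-tolerant agreement in [0, 1]: 2 * LCS / (len(a) + len(b)).

    LCS rather than position-by-position equality, so one missed or spurious
    keystroke in the wearable's prediction shifts the alignment without
    zeroing the score.
    """
    if not observed and not predicted:
        return 1.0
    return 2 * lcs_length(observed, predicted) / (len(observed) + len(predicted))


def verify_input(payload: str, predicted_regions: str, threshold: float = 0.9) -> tuple[bool, float]:
    """Server-side decision: (accepted?, score) for the received payload."""
    score = similarity(region_sequence(payload), predicted_regions)
    return score >= threshold, score


if __name__ == "__main__":
    # Constructed scenario: what the user actually typed on the host.
    typed = "transfer 250 to alice"
    # Constructed wearable prediction: the true sequence with one keystroke
    # (index 7) missed by the motion model, standing in for sensor noise.
    true_regions = region_sequence(typed)
    predicted = true_regions[:7] + true_regions[8:]

    cases = {
        "untampered": typed,
        "tampered (amount and payee)": "transfer 2500 to mallory",
        "tampered (one extra same-hand key)": "transfer 2500 to alice",
    }
    for label, payload in cases.items():
        ok, score = verify_input(payload, predicted)
        print(f"{label:36s} score={score:.3f} -> {'ACCEPT' if ok else 'REJECT'}")
```

The third case is the hard one for any region-based check: a malware edit that only inserts a single keystroke typed by the same hand keeps the sequence almost unchanged, and this toy metric still accepts it. That is exactly the failure mode a deployment has to measure, and it is why the abstract mentions wearing devices on both hands for better security; the paper's evaluation, not this example, is the evidence for how well the real scheme handles it.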