What You See is Not What You Get: Leakage-Resilient Password Entry Schemes for Smart Glasses

Yan Li, Yao Cheng, Yingjiu Li, R. Deng
{"title":"What You See is Not What You Get: Leakage-Resilient Password Entry Schemes for Smart Glasses","authors":"Yan Li, Yao Cheng, Yingjiu Li, R. Deng","doi":"10.1145/3052973.3053042","DOIUrl":null,"url":null,"abstract":"Smart glasses are becoming popular for users to access various services such as email. To protect these services, password-based user authentication is widely used. Unfortunately, the password-based user authentication has inherent vulnerability against password leakage. Many efforts have been put on designing leakage-resilient password entry schemes on PCs and mobile phones with traditional input equipment including keyboards and touch screens. However, such traditional input equipment is not available on smart glasses. Existing password entry on smart glasses relies on additional PCs or mobile devices. Such solutions force users to switch between different systems, which causes interrupted experience and may lower the practicability and usability of smart glasses. In this paper, we propose a series of leakage-resilient password entry schemes on stand-alone smart glasses, which are gTapper, gRotator, and gTalker. These schemes ensure no leakage in password entry by breaking the correlation between the underlying password and the interaction observable to adversaries. They are practical in the sense that they only require a touch pad, a gyroscope, and a microphone which are commonly available on smart glasses. The usability of the proposed schemes is evaluated by user study under various test conditions which are common in users' daily usage. The results of our user study reveal that the proposed schemes are easy-to-use so that users enter their passwords within moderate time, at high accuracy, and in various situations.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3052973.3053042","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 4

Abstract

Smart glasses are becoming popular for users to access various services such as email. To protect these services, password-based user authentication is widely used. Unfortunately, the password-based user authentication has inherent vulnerability against password leakage. Many efforts have been put on designing leakage-resilient password entry schemes on PCs and mobile phones with traditional input equipment including keyboards and touch screens. However, such traditional input equipment is not available on smart glasses. Existing password entry on smart glasses relies on additional PCs or mobile devices. Such solutions force users to switch between different systems, which causes interrupted experience and may lower the practicability and usability of smart glasses. In this paper, we propose a series of leakage-resilient password entry schemes on stand-alone smart glasses, which are gTapper, gRotator, and gTalker. These schemes ensure no leakage in password entry by breaking the correlation between the underlying password and the interaction observable to adversaries. They are practical in the sense that they only require a touch pad, a gyroscope, and a microphone which are commonly available on smart glasses. The usability of the proposed schemes is evaluated by user study under various test conditions which are common in users' daily usage. The results of our user study reveal that the proposed schemes are easy-to-use so that users enter their passwords within moderate time, at high accuracy, and in various situations.
你所看到的不是你得到的:智能眼镜的防泄漏密码输入方案
智能眼镜正变得越来越流行,用户可以使用各种服务,如电子邮件。为了保护这些服务,基于密码的用户身份验证被广泛使用。不幸的是,基于密码的用户身份验证存在密码泄露的固有漏洞。很多人都在努力为pc和手机设计防泄漏密码输入方案,这些设备包括键盘和触摸屏等传统输入设备。然而,这种传统的输入设备在智能眼镜上是不可用的。智能眼镜上现有的密码输入依赖于额外的pc或移动设备。这样的解决方案迫使用户在不同的系统之间切换,导致体验中断,可能降低智能眼镜的实用性和可用性。在本文中,我们提出了一系列独立智能眼镜上的防泄漏密码输入方案,它们是gTapper, gRotator和gTalker。这些方案通过打破底层密码与攻击者可观察到的交互之间的相关性来确保密码输入不泄露。它们在某种意义上是实用的,因为它们只需要一个触摸板、一个陀螺仪和一个智能眼镜上常见的麦克风。在用户日常使用中常见的各种测试条件下,通过用户研究来评估所提出方案的可用性。我们的用户研究结果表明,所提出的方案易于使用,因此用户可以在适当的时间内以高精度输入密码,并且可以在各种情况下输入密码。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信