Presentation is loading. Please wait.

Presentation is loading. Please wait.

Presented by: Tom Staley. About Paper by Emiliano Miluzzo Alexander Varshavsky Suhrid Balakrishnan Romit Roy Choudhury Originally presented at MobiSys2012,

Published byKaliyah Speaks Modified over 9 years ago

Similar presentations

Presentation on theme: "Presented by: Tom Staley. About Paper by Emiliano Miluzzo Alexander Varshavsky Suhrid Balakrishnan Romit Roy Choudhury Originally presented at MobiSys2012,"— Presentation transcript:

1 Presented by: Tom Staley

2 About Paper by Emiliano Miluzzo Alexander Varshavsky Suhrid Balakrishnan Romit Roy Choudhury Originally presented at MobiSys2012, June 27, 2012

3 Introduction Determining location of screen taps using accelerometer and gyroscopes Could lead to attackers using this info to track inputs “TapPrints- a framework for inferring location of taps on mobile devices”

4 Current State of Sensors Mobile sensors becoming more powerful Many types of data: patient monitoring, localization, context-awareness, etc. Rumored that insurance companies are trying to use dietary patterns to determine cost and coverage of policies

5 Using Gyroscopes

6 TapPrints Implemented on Google Nexus S, Apple iPhone 4, Samsung Galaxy Tab 10.1 Over 40,000 taps collected from 10 users over 4 weeks 80-90% accuracy, enough to guess a password

7 How Data Could be Used Attackers can improve odds by: Applying a spellchecker to guess unknown words Narrowing search to email addresses in contact list if the email application is running Data can be protected by: Using a rubber case to absorb motions Switching to swiping-based keyboards

8 Is this a Threat? Attacks could be disguised as any app available on the market Only sensor that requires permission is location Accelerometer and gyroscope largely ignored due to gaming

9 How to Differentiate Taps

10 Recognizing Taps TapPrints has to be trained to recognize taps Different methods: k-Nearest Neighbor Multinomial Logistic Regression Support Vector Machines Random Forests Bagged Decision Trees Combine all methods at end to get best results

11 Collecting Data Used four methods: Icon Taps Sequential Letters Pangrams Repeated Pangrams

12 Icon Taps Averages: iPhone- 78.7% Nexus- 67.1% Random guess is only 5%

13 Repetitions Stabilizes at 20 taps/icon 70% accuracy reached at 12 taps Attackers could disguise as a game Could also pre-train to recognize other users’ taps

14 Letter Tapping Harder than icon taps because letters are smaller and have less separation Average prediction is 65.11% after training using pangrams Random guess is only 3.8%

15 Letter Confusion Mostly limited to surrounding letters Could be used in a dictionary search to guess words Some letters better than others, e.g. E vs. W

16 Example of Pangram

17 Sequential Letters

18 Letter Repetition More repetitions required because of smaller areas 150 taps to reach 50%

19 Sensor Efficacy

20 Possible Solutions Pause sensors when typing Agreements with developers to hold them accountable Have users grant permission to use sensors Rubber cases to absorb motion Swiping-based keyboards

21 Conclusion Attackers can use software to track user input TapPrints is just an early implementation In future, software will be much more powerful

22 Bibliography Miluzzo, Emiliano, Alexander Varshavsky, Suhrid Balakrishnan, and Romit Roy Choudhury. "Tapprints: Your Finger Taps Have Fingerprints." MobiSys '12 Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services. MobiSys 2012, United Kingdom, Low Wood Bay, Lake District. New York: ACM, 2012. 323-36. Print.

Download ppt "Presented by: Tom Staley. About Paper by Emiliano Miluzzo Alexander Varshavsky Suhrid Balakrishnan Romit Roy Choudhury Originally presented at MobiSys2012,"

Similar presentations

Security for Mobile Devices

Security for Mobile Devices
Setting Up and Using Your GENCom Mobile Client for iPad

Setting Up and Using Your GENCom Mobile Client for iPad
You Sale Distribution & Monitoring Product. It’s Only One Step … Take it Agenda  Introduction to Mass Distribution Environment  System Overview  System.

You Sale Distribution & Monitoring Product. It’s Only One Step … Take it Agenda  Introduction to Mass Distribution Environment  System Overview  System.
Data Mining Classification: Alternative Techniques

Data Mining Classification: Alternative Techniques
6218 Mobile Devices- Are They Secure Enough for our Patient's Data? Presented By Aaron Hendriks, CISSP Other: Employee of University Health Network, Toronto,

6218 Mobile Devices- Are They Secure Enough for our Patient's Data? Presented By Aaron Hendriks, CISSP Other: Employee of University Health Network, Toronto,
The purpose of this PowerPoint presentation, is to help the user make the connection between a SmartPhone (iPhone or Droid) and software games written.

The purpose of this PowerPoint presentation, is to help the user make the connection between a SmartPhone (iPhone or Droid) and software games written.
Single-stroke Language-Agnostic Keylogging using Stereo-Microphones and Domain Specific Machine Learning Sashank Narain Amirali Sanatinia Guevara.

Single-stroke Language-Agnostic Keylogging using Stereo-Microphones and Domain Specific Machine Learning Sashank Narain Amirali Sanatinia Guevara.
Tom Parker Project Manager Identity Management Team IT Security Group.

Tom Parker Project Manager Identity Management Team IT Security Group.
PAYware Mobile Android Comparison June 2011. Discussion Topics Obtaining the App PAYware Mobile App.

PAYware Mobile Android Comparison June Discussion Topics Obtaining the App PAYware Mobile App.
IPhone vs. the Ocean vs. Upstage vs.… CTIA Wireless 2007: iPhone casts shadow over competition.

IPhone vs. the Ocean vs. Upstage vs.… CTIA Wireless 2007: iPhone casts shadow over competition.
Authentication for Humans Rachna Dhamija SIMS, UC Berkeley DIMACS Workshop on Usable Privacy and Security Software July 7, 2004.

Authentication for Humans Rachna Dhamija SIMS, UC Berkeley DIMACS Workshop on Usable Privacy and Security Software July 7, 2004.
EMAIL SPAM DETECTION USING MACHINE LEARNING Lydia Song, Lauren Steimle, Xiaoxiao Xu.

SPAM DETECTION USING MACHINE LEARNING Lydia Song, Lauren Steimle, Xiaoxiao Xu.
 The Weka The Weka is an well known bird of New Zealand..  W(aikato) E(nvironment) for K(nowlegde) A(nalysis)  Developed by the University of Waikato.

 The Weka The Weka is an well known bird of New Zealand..  W(aikato) E(nvironment) for K(nowlegde) A(nalysis)  Developed by the University of Waikato.
Presented by: Z.G. Huang May 04, 2011 Did You See Bob? Human Localization using Mobile Phones Romit Roy Choudhury Duke University Durham, NC, USA Ionut.

Presented by: Z.G. Huang May 04, 2011 Did You See Bob? Human Localization using Mobile Phones Romit Roy Choudhury Duke University Durham, NC, USA Ionut.
Introduction Our Topic: Mobile Security Why is mobile security important?

Introduction Our Topic: Mobile Security Why is mobile security important?
Signatures As Threats to Privacy Brian Neil Levine Assistant Professor Dept. of Computer Science UMass Amherst.

Signatures As Threats to Privacy Brian Neil Levine Assistant Professor Dept. of Computer Science UMass Amherst.
A METHODOLOGY FOR EMPIRICAL ANALYSIS OF PERMISSION-BASED SECURITY MODELS AND ITS APPLICATION TO ANDROID.

A METHODOLOGY FOR EMPIRICAL ANALYSIS OF PERMISSION-BASED SECURITY MODELS AND ITS APPLICATION TO ANDROID.
Shu Chen,Yan Huang Department of Computer Science & Engineering University of North Texas Denton, TX 76207, USA Recognizing Human Activities from Multi-Modal.

Shu Chen,Yan Huang Department of Computer Science & Engineering University of North Texas Denton, TX 76207, USA Recognizing Human Activities from Multi-Modal.
July 25, 2010 SensorKDD 2010 1 Activity Recognition Using Cell Phone Accelerometers Jennifer Kwapisz, Gary Weiss, Samuel Moore Department of Computer &

July 25, 2010 SensorKDD Activity Recognition Using Cell Phone Accelerometers Jennifer Kwapisz, Gary Weiss, Samuel Moore Department of Computer &
ANALYTICS BUSINESS INTELLIGENCE SOFTWARE STATISTICS Kreara Solutions | 9 years | 60 members | ISO 9001:2008.

ANALYTICS BUSINESS INTELLIGENCE SOFTWARE STATISTICS Kreara Solutions | 9 years | 60 members | ISO 9001:2008.

Similar presentations

Ads by Google