TY - GEN
T1 - Boosting the guessing attack performance on android lock patterns with smudge attacks
AU - Cha, Seunghun
AU - Kwag, Sungsu
AU - Kim, Hyoungshick
AU - Huh, Jun Ho
N1 - Publisher Copyright:
© 2017 ACM.
PY - 2017/4/2
Y1 - 2017/4/2
N2 - Android allows 20 consecutive failed attempts on unlocking a device. This makes it difficult for pure guessing attacks to crack user patterns on a stolen device before it permanently locks itself. We investigate the effectiveness of combining Markov model-based guessing attacks with smudge attacks on unlocking Android devices within 20 attempts. Detected smudges are used to precompute all the possible segments and patterns, significantly reducing the pattern space that needs to be brute-forced. Our Markov model was trained using 70% of a real-world pattern dataset that consists of 312 patterns. We recruited 12 participants to draw the remaining 30% on a Samsung Galaxy S4, and used the smudges they left behind to analyze the performance of the combined attack. Our results show that this combined method can significantly improve the performance of pure guessing attacks, cracking 74.17% of patterns compared to just 13.33% when the Markov model-based guessing attack was performed alone; those results were collected from a naive usage scenario where the participants were merely asked to unlock a given device. Even under a more complex scenario that asked the participants to use the Facebook app for a few minutes (obscuring smudges were added as a result), our combined attack, at 31.94%, still outperformed the pure guessing attack at 13.33%. Obscuring smudges can significantly affect the performance of smudge-based attacks. Based on this finding, we recommend that a mitigation technique should be designed to help users add obscurity, e.g., by asking users to draw a second random pattern upon unlocking a device.
AB - Android allows 20 consecutive failed attempts on unlocking a device. This makes it difficult for pure guessing attacks to crack user patterns on a stolen device before it permanently locks itself. We investigate the effectiveness of combining Markov model-based guessing attacks with smudge attacks on unlocking Android devices within 20 attempts. Detected smudges are used to precompute all the possible segments and patterns, significantly reducing the pattern space that needs to be brute-forced. Our Markov model was trained using 70% of a real-world pattern dataset that consists of 312 patterns. We recruited 12 participants to draw the remaining 30% on a Samsung Galaxy S4, and used the smudges they left behind to analyze the performance of the combined attack. Our results show that this combined method can significantly improve the performance of pure guessing attacks, cracking 74.17% of patterns compared to just 13.33% when the Markov model-based guessing attack was performed alone; those results were collected from a naive usage scenario where the participants were merely asked to unlock a given device. Even under a more complex scenario that asked the participants to use the Facebook app for a few minutes (obscuring smudges were added as a result), our combined attack, at 31.94%, still outperformed the pure guessing attack at 13.33%. Obscuring smudges can significantly affect the performance of smudge-based attacks. Based on this finding, we recommend that a mitigation technique should be designed to help users add obscurity, e.g., by asking users to draw a second random pattern upon unlocking a device.
KW - Guessing attack
KW - Pattern lock
KW - Smudge attack
UR - https://www.scopus.com/pages/publications/85021885050
U2 - 10.1145/3052973.3052989
DO - 10.1145/3052973.3052989
M3 - Conference contribution
AN - SCOPUS:85021885050
T3 - ASIA CCS 2017 - Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security
SP - 313
EP - 326
BT - ASIA CCS 2017 - Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security
PB - Association for Computing Machinery, Inc
T2 - 2017 ACM Asia Conference on Computer and Communications Security, ASIA CCS 2017
Y2 - 2 April 2017 through 6 April 2017
ER -