An adversary may use this lack of user-awareness to target specific user-demographics for successfully carrying out such attacks. The problem is that, unlike traditional security and privacy risks that are typically associated with personal computers, most users may not be aware of these novel risks associated with mobile devices. For instance, several recent research efforts have shown that motion sensors such as accelerometer and gyroscope on-board these mobile and wearable devices can be maliciously used to infer private information from users' keystrokes (e.g., PINs and passwords). However, these mobile devices bring forth new and additional forms of security and privacy risks, which were non-existent in traditional personal computers. Smart phones and wearable devices have replaced personal computers and desktops as the primary platform for accessing online applications and services. As the participants' primary task was to type the number sequences correctly, and not to type as fast as possible, it may be concluded that the task completion time was traded off for higher accuracy by the Nonetheless, mean accuracies in all five randomization strategies are above 95% for both default and randomized keypads, with mean difference less than 1% compared to the default keypads. However, the null hypothesis is rejected in case of natural typing, which means the typing accuracy may be lower on the randomized keypads. In two-tailed paired sample t-test, the combined mean increase in time taken by participants to type a key are d ♝T = +168.3 ms and d µN T = +125.8 ms, with p 0.05 for dictated typing, the null hypothesis is marginally accepted. The privacy-usability trade-off of different randomized keypad strategies is then analyzed by empirically comparing their ease-of-usage and security assurance.Īverage time taken per key typed in Natural Typing. This paper accomplishes this goal by comprehensively studying the usability of randomized keypads that employ varying degrees of randomization in terms of key size, sequence and position. However, before proposing unconventional changes to the widely used and highly familiar default keypads, a comprehensive usability evaluation is required. Thus, an effective protection strategy against such keystroke inference attacks would be to randomly change the layout of the target keypad. One common assumption in these attacks is that the adversary has knowledge of the size and layout of the keypad employed by the target user, which is reasonable as keypad layouts and sizes are generally standard. The feasibility of malicious keystroke inference attacks on mobile device keypads has been demonstrated by multiple recent research efforts, but very little has been accomplished in the direction of protection against such attacks.
0 kommentar(er)
