Publications

Selected Publications

Here you will find selected publications from recent years. A comprehensive list of publications is available on Stefan Schneegaß's Google Scholar or DBLP page.

Stay Cool! Understanding Thermal Attacks on Mobile-based User Authentication

Type of publication: Contribution to a collected volume

Author(s):
Alt, Florian
Title of the collected volume:
Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems (CHI '17)
Pages:
3751-3763
Publisher:
ACM
Location(s):
New York, USA
Year of publication:
2017
ISBN:
978-1-4503-4655-9
Digital Object Identifier (DOI):
doi:https://doi.org/10.1145/3025453.3025461

Abstract

PINs and patterns remain among the most widely used knowledge-based authentication schemes. As thermal cameras become ubiquitous and affordable, we foresee a new form of threat to user privacy on mobile devices. Thermal cameras allow performing thermal attacks, where heat traces, resulting from authentication, can be used to reconstruct passwords. In this work we investigate in detail the viability of exploiting thermal imaging to infer PINs and patterns on mobile devices. We present a study (N=18) where we evaluated how properties of PINs and patterns influence their thermal attack resistance. We found that thermal attacks are indeed viable on mobile devices; overlapping patterns significantly decrease the successful thermal attack rate from 100% to 16.67%, while PINs remain vulnerable (>72% success rate) even with duplicate digits. We conclude with recommendations for users and designers of authentication schemes on how to resist thermal attacks.

Video: https://www.youtube.com/watch?v=FxOBAvI-YFI