智能化的安卓手势密码取证关键技术

doi:10.11959/j.issn.2096-109x.2022005

Abstract

Abstract:

In the field of digital forensics, how to unlock mobile devices such as phones has always been an urgent problem to overcome.As a special kind of password, pattern lock is widely used in mobile phone screen unlock and software access authorization.Existing pattern lock cracking techniques have several non-negligible disadvantages, such as poor concealment, low practicability, non-intelligence and single application scenario.Two basic threat models were abstracted from shoulder surfing, surveillance camera, and real-time forensics, and a multi-scenario side channel attack on pattern locks was proposed.Based on the data of surveillance camera or manual video, intelligent vision recognition algorithms were adopted to identify, select and track the target device and biological key points in the video dynamically.Then, discrete tracking points were integrated by spatial mapping and pruning algorithm.The denoising algorithm was used to eliminate redundancy and optimize the trajectory.Through procedures above, the original trajectory was simplified into regular polylines defined by several key turning points.Finally, the simplified pattern was compared and matched with the rules of legal pattern locks to inference and retort its actual pattern.Possible candidates will be sorted in the output according to their confidences.Results show that in the surveillance camera scenario, where the device screen is always visible, the cracking success rate of our technique is 89% for 10 attempts and 99.3% for 20 attempts.In the face-to-face scenario, where the subject consciously blocks the screen and his drawing finger, the success rate was 82% after 10 attempts and 89.3% after 20 attempts.In the surveillance camera scenario, the increase of shooting horizontal distance can significantly decrease the cracking success rate.But this effect diminishes with the increase of the number of attempts.Results show that the cracking success rate of the complex password is always higher than that of the simple password during 20 attempts, which means a complex pattern lock cannot play a better protection role if the proposed technique is applied.Shooting angle deflection within 5° has little effect on the success rate of cracking.

Key words: pattern lock, intelligent vision recognition, digital forensics, side channel attack

CLC Number:

TP309

Jiahao QIU, Weidong QIU, Yangde WANG, Yan ZHA, Yuming XIE, Yan LI. Intellectualized forensic technique for Android pattern locks[J]. Chinese Journal of Network and Information Security, 2022, 8(1): 118-127.

Figures/Tables 11

References 33

[1]	WEISS R , DE LUCA A . PassShapes:utilizing stroke based authentication to increase password memorability[C]// Proceedings of the 5th Nordic Conference on Human-computer Interaction:Building Bridges. 2008: 383-392.
[2]	YE G X , TANG Z Y , FANG D Y ,et al. Cracking android pattern lock in five attempts[C]// Proceedings 2017 Network and Distributed System Security Symposium. 2017.
[3]	AVIV A J , GIBSON K L , MOSSOP E ,et al. Smudge attacks on smartphone touch screens[J]. Woot, 2010,10: 1-7.
[4]	ZHANG J , ZHENG X L , TANG Z Y ,et al. Privacy leakage in mobile sensing:your unlock passwords can be leaked through wireless hotspot functionality[J]. Mobile Information Systems, 2016,(2016):8793025.
[5]	ABDELRAHMAN Y , KHAMIS M , SCHNEEGASS S ,et al. Stay cool! understanding thermal attacks on mobile-based user authentication[C]// Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems. 2017: 3751-3763.
[6]	ZHOU M , WANG Q , YANG J X ,et al. PatternListener:cracking android pattern lock using acoustic signals[C]// Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. 2018: 1775-1787.
[7]	EIBAND M , KHAMIS M , VON ZEZSCHWITZ E ,et al. Understanding shoulder surfing in the wild:stories from users and observers[C]// Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems. 2017: 4254-4265.
[8]	WIEDENBECK S , WATERS J , SOBRADO L ,et al. Design and evaluation of a shoulder-surfing resistant graphical password scheme[C]// Proceedings of the Working Conference on Advanced Visual Interfaces. 2006: 177-184.
[9]	KUMAR M , GARFINKEL T , BONEH D ,et al. Reducing shoulder-surfing by using gaze-based password entry[C]// Proceedings of the 3rd Symposium on Usable Privacy and Security -SOUPS '07. 2007: 13-19.
[10]	ROTH V , RICHTER K , FREIDINGER R . A PIN-entry method resilient against shoulder surfing[C]// Proceedings of the 11th ACM Conference on Computer and Communications Security. 2004: 236-245.
[11]	WINKLER T , RINNER B . User-centric privacy awareness in video surveillance[J]. Multimedia Systems, 2012,18(2): 99-121.
[12]	GELBORD B , ROELOFSEN G . New surveillance techniques raise privacy concerns[J]. Communications of the ACM, 2002,45(11): 23-24.
[13]	WINKLER T , RINNER B . Security and privacy protection in visual sensor networks:a survey[J]. ACM Computing Surveys, 2014,47(1): 2.
[14]	SCHIFF J , MEINGAST M , MULLIGAN D K ,et al. Respectful cameras:detecting visual markers in real-time to address privacy concerns[M]// Protecting Privacy in Video Surveillance, 2009: 65-89.
[15]	KORSHUNOV P , EBRAHIMI T . Using warping for privacy protection in video surveillance[C]// Proceedings of 2013 18th International Conference on Digital Signal Processing (DSP). 2013: 1-6.
[16]	GUERAR M , MIGLIARDI M , PALMIERI F ,et al. Securing PIN-based authentication in smartwatches with just two gestures[J]. Concurrency and Computation:Practice and Experience, 2020,32(18): e5549.
[17]	LU C X , DU B W , WEN H K ,et al. Snoopy[J]. Proceedings of the ACM on Interactive,Mobile,Wearable and Ubiquitous Technologies, 2018,1(4): 1-29.
[18]	WANG C , GUO X N , CHEN Y Y ,et al. Personal PIN leakage from wearable devices[J]. IEEE Transactions on Mobile Computing, 2018,17(3): 646-660.
[19]	SHUKLA D , PHOHA V V . Stealing passwords by observing hands movement[J]. IEEE Transactions on Information Forensics and Security, 2019,14(12): 3086-3101.
[20]	SHUKLA D , KUMAR R , SERWADDA A ,et al. Beware,your hands reveal your secrets![C]// Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. 2014: 904-917.
[21]	CHEN T , FARCASIN M , CHAN-TIN E , . Smartphone passcode prediction[J]. IET Information Security, 2018,12(5): 431-437.
[22]	BALAGANI K S , CONTI M , GASTI P ,et al. SILK-TV:secret information leakage from keystroke timing videos[M]// Computer Security. Cham: Springer International Publishing, 2018: 263-280.
[23]	BALAGANI K , CARDAIOLI M , CONTI M ,et al. PILOT:password and PIN information leakage from obfuscated typing videos[J]. Journal of Computer Security, 2019,27(4): 405-425.
[24]	XU Y , HEINLY J , WHITE A M ,et al. Seeing double:reconstructing obscured typed input from repeated compromising reflections[C]// Proceedings of the 2013 ACM SIGSAC Conference on Computer ＆ Communications Security. 2013: 1063-1074.
[25]	YUE Q G , LING Z , FU X W ,et al. Blind recognition of touched keys on mobile devices[C]// Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. 2014: 1403-1414.
[26]	Barrett D . One surveillance camera for every 11 people in Britain,says CCTV survey[J]. The Telegraph, 2013,10.
[27]	REDMON J , FARHADI A . YOLOv3:an incremental improvement[J]. arXiv preprint arXiv:1804.02767, 2018.
[28]	SIMON T , JOO H , MATTHEWS I ,et al. Hand keypoint detection in single images using multiview bootstrapping[C]// Proceedings of 2017 IEEE Conference on Computer Vision and Pattern Recognition. 2017: 4645-4653.
[29]	LUKE?IC A , VOJíR T , ZAJC L C ,et al. Discriminative correlation filter with channel and spatial reliability[C]// Proceedings of 2017 IEEE Conference on Computer Vision and Pattern Recognition. 2017: 4847-4856.
[30]	DOUGLAS D H , PEUCKER T K . Algorithms for the reduction of the number of points required to represent a digitized line or its caricature[J]. Cartographica:the International Journal for Geographic Information and Geovisualization, 1973,10(2): 112-122.
[31]	KENDALL M G . Rank correlation methods[J]. Biometrika, 1957,44(1/2): 298.
[32]	SPEARMAN C . General intelligence,objectively determined and measured[J]. The American Journal of Psychology, 1904,15(2): 201-292.
[33]	SUN C , WANG Y , ZHENG J . Dissecting pattern unlock:the effect of pattern strength meter on pattern selection[J]. Journal of Information Security and Applications, 2014,19(4/5): 308-320.

Metrics

Recommended 0

No Suggested Reading articles found!

攻击方法	隐蔽性	实用性	鲁棒性	遮挡场景	自动化
涂抹攻击^[3]	×	×	×	√	×
无线信号攻击^[4]	√	×	×	√	×
热成像攻击^[5]	×	√	√	×	×
声学攻击^[6]	√	×	×	√	√
视频攻击(Ye)^[2]	√	√	√	×	×
本文方法	√	√	√	√	√

影响因素	Kendall	Spearman
角度	0.905 2	0.978 6
长度	0.668 6	0.810 9
角度＆长度	-0.059 7	-0.086 8

Intellectualized forensic technique for Android pattern locks

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 11

References 33

Related Articles 6

Metrics

Recommended 0

[1]	Yu ZHANG, Binglong LI, Xuejuan LI, Heyu ZHANG. Evidence classification method of chat text based on DSR and BGRU model [J]. Chinese Journal of Network and Information Security, 2022, 8(2): 150-159.
[2]	Ding LI, Yuefei ZHU, Bin LU, Wei LIN. Survey of side channel attack on encrypted network traffic [J]. Chinese Journal of Network and Information Security, 2021, 7(4): 114-130.
[3]	Qirun PAN,Kaizhi HUANG,Wei YOU. Network slicing deployment method based on isolation level [J]. Chinese Journal of Network and Information Security, 2020, 6(2): 96-105.
[4]	Fanyu KONG,Yong QIAO,Pengtao LIU,Xiaodong LIU,Dashui ZHOU. Fault-injection attack on countermeasure algorithms of RSA-CRT cryptosystem [J]. Chinese Journal of Network and Information Security, 2019, 5(1): 30-36.
[5]	Jun REN,Jin-bo XIONG,Zhi-qiang YAO. Security control scheme for cloud data copy based on differential privacy model [J]. Chinese Journal of Network and Information Security, 2017, 3(5): 38-46.
[6]	Hui-hui JIA,Chao WANG,Jian GU,Hao-hao SONG,Di TANG. Research and simulation of timing attacks on ECC [J]. Chinese Journal of Network and Information Security, 2016, 2(4): 56-63.