research-article

Public Access

Friend or Foe?: Your Wearable Devices Reveal Your Personal PIN

Authors:
Chen Wang

Stevens Institute of Technology, Hoboken, NJ, USA

Stevens Institute of Technology, Hoboken, NJ, USA
View Profile

,
Xiaonan Guo

Stevens Institute of Technology, Hoboken, NJ, USA

Stevens Institute of Technology, Hoboken, NJ, USA
View Profile

,
Yan Wang

Binghamton University, Binghamton, NY, USA

Binghamton University, Binghamton, NY, USA
View Profile

,
Yingying Chen

Stevens Institute of Technology, Hoboken, NJ, USA

Stevens Institute of Technology, Hoboken, NJ, USA
View Profile

,
Bo Liu

Stevens Institute of Technology, Hoboken, NJ, USA

Stevens Institute of Technology, Hoboken, NJ, USA
View Profile

ASIA CCS '16: Proceedings of the 11th ACM on Asia Conference on Computer and Communications SecurityMay 2016Pages 189–200https://doi.org/10.1145/2897845.2897847

Published:30 May 2016Publication History

ASIA CCS '16: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security

Pages 189–200

ABSTRACT

The proliferation of wearable devices, e.g., smartwatches and activity trackers, with embedded sensors has already shown its great potential on monitoring and inferring human daily activities. This paper reveals a serious security breach of wearable devices in the context of divulging secret information (i.e., key entries) while people accessing key-based security systems. Existing methods of obtaining such secret information relies on installations of dedicated hardware (e.g., video camera or fake keypad), or training with labeled data from body sensors, which restrict use cases in practical adversary scenarios. In this work, we show that a wearable device can be exploited to discriminate mm-level distances and directions of the user's fine-grained hand movements, which enable attackers to reproduce the trajectories of the user's hand and further to recover the secret key entries. In particular, our system confirms the possibility of using embedded sensors in wearable devices, i.e., accelerometers, gyroscopes, and magnetometers, to derive the moving distance of the user's hand between consecutive key entries regardless of the pose of the hand. Our Backward PIN-Sequence Inference algorithm exploits the inherent physical constraints between key entries to infer the complete user key entry sequence. Extensive experiments are conducted with over 5000 key entry traces collected from 20 adults for key-based security systems (i.e. ATM keypads and regular keyboards) through testing on different kinds of wearables. Results demonstrate that such a technique can achieve 80% accuracy with only one try and more than 90% accuracy with three tries, which to our knowledge, is the first technique that reveals personal PINs leveraging wearable devices without the need for labeled training data and contextual information.

References

All about skimmers. http://krebsonsecurity.com/all-about-skimmers/.Google Scholar
Is it acceptable to wear a watch on the right wrist? http://www.askandyaboutclothes.com/forum/showthread.php? 116570-Is-it-acceptable-to-wear-a-watch-on-the-right-wrist.Google Scholar
Malicious cloned games attack google android market. naked security:. http://nakedsecurity.sophos.com/2011/12/12/ malicious-cloned-games-attack-google-android-market/.Google Scholar
Wearable device shipments predicted to surge 173% this year. http://www.cnet.com/news/shipments-of-wearable-device-to-surge-173-this-year/.Google Scholar
Why wear a watch on the wrist where you're hand dominant. http://www.reddit.com/r/Watches/comments/1wzub5/question_why_wear_a_watch_on_the_wrist_where/.Google Scholar
D. Balzarotti, M. Cova, and G. Vigna. Clearshot: Eavesdropping on keyboard input from video. In IEEE S&P, pages 170--183, 2008. Google ScholarDigital Library
Y. Berger, A. Wool, and A. Yeredor. Dictionary attacks using keyboard acoustic emanations. In ACM CCS, pages 245--254, 2006. Google ScholarDigital Library
J. Liu, Y. Wang, k. Kar, Y. Chen, J. Yang, and M. Gruteser. Snooping keystrokes with mm-level audio ranging on a single phone. In ACM Mobicom, 2015. Google ScholarDigital Library
L. Liu and et al. Toward detection of unsafe driving with wearables. In ACM WearSys, pages 27--32, 2015. Google ScholarDigital Library
X. Liu, Z. Zhou, W. Diao, Z. Li, and K. Zhang. When good becomes evil: Keystroke inference with smartwatch. In ACM CCS, pages 1273--1285, 2015. Google ScholarDigital Library
F. Maggi, A. Volpatto, S. Gasparini, G. Boracchi, and S. Zanero. A fast eavesdropping attack against touchscreens. In IEEE IAS, pages 320--325, 2011.Google ScholarCross Ref
P. Marquardt, A. Verma, H. Carter, and P. Traynor. (sp)iphone: decoding vibrations from nearby keyboards using mobile phone accelerometers. In ACM CCS, pages 551--562, 2011. Google ScholarDigital Library
E. Miluzzo, A. Varshavsky, S. Balakrishnan, and R. R. Choudhury. Tapprints: your finger taps have fingerprints. In ACM MobiSys, pages 323--336, 2012. Google ScholarDigital Library
A. Parate and et al. RisQ: recognizing smoking gestures with inertial sensors on a wristband. In ACM MobiSys, pages 149--161, 2014. Google ScholarDigital Library
Y. Ren, Y. Chen, M. C. Chuah, and J. Yang. User verification leveraging gait recognition for smartphone enabled mobile healthcare systems. IEEE Transactions on Mobile Computing, 2014.Google Scholar
M. Ryan. Bluetooth: With low energy comes low security. In USENIX WOOT, pages 4--4, 2013. Google ScholarDigital Library
M. Sherman and et al. User-generated free-form gestures for authentication: Security and memorability. In ACM Mobisys, pages 176--189, 2014. Google ScholarDigital Library
D. Shukla, R. Kumar, A. Serwadda, and V. V. Phoha. Beware, your hands reveal your secrets! In ACM CCS, pages 904--917, 2014. Google ScholarDigital Library
D. Spill and A. Bittau. Bluesniff: Eve meets alice and bluetooth. In USENIX WOOT, pages 5:1--5:10, 2007. Google ScholarDigital Library
H. Wang, T. T.-T. Lai, and R. Roy Choudhury. Mole: Motion leaks through smartwatch sensors. In ACM MobiCom, pages 155--166, 2015. Google ScholarDigital Library
J. Wang, K. Zhao, X. Zhang, and C. Peng. Ubiquitous keyboard for small mobile devices: Harnessing multipath fading for fine-grained keystroke localization. In ACM Mobysis, pages 14--27, 2014. Google ScholarDigital Library
Z. Xu, K. Bai, and S. Zhu. Taplogger: Inferring user inputs on smartphone touchscreens using on-board motion sensors. In ACM WISEC, pages 113--124, 2012. Google ScholarDigital Library
T. Zhu, Q. Ma, S. Zhang, and Y. Liu. Context-free attacks using keyboard acoustic emanations. In ACM CCS, pages 453--464, 2014. Google ScholarDigital Library

Index Terms

Friend or Foe?: Your Wearable Devices Reveal Your Personal PIN
1. Human-centered computing
  1. Ubiquitous and mobile computing
    1. Ubiquitous and mobile computing design and evaluation methods
    2. Ubiquitous and mobile devices
2. Security and privacy
  1. Human and societal aspects of security and privacy
    1. Privacy protections
  2. Security services
    1. Authentication

Recommendations

Viewpoint Integration for Hand-Based Recognition of Social Interactions from a First-Person View
ICMI '15: Proceedings of the 2015 ACM on International Conference on Multimodal Interaction

Wearable devices are becoming part of everyday life, from first-person cameras (GoPro, Google Glass), to smart watches (Apple Watch), to activity trackers (FitBit). These devices are often equipped with advanced sensors that gather data about the wearer ...
Read More
Quantifying Temporal Privacy Leakage in Continuous Event Data Publishing
Cooperative Information Systems
Abstract
Process mining employs event data extracted from different types of information systems to discover and analyze actual processes. Event data often contain highly sensitive information about the people who carry out activities or the people for ...
Read More
A novel asymmetric three-party based authentication scheme in wearable devices environment

As we know, wearable devices record data generating from user's daily activities, and most of which are private data, such as health data and movement data. These information is usually stored in user's device. As more and more people started using ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
ASIA CCS '16: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security
May 2016
958 pages
ISBN:9781450342339
DOI:10.1145/2897845
General Chair:
Xiaofeng Chen
Xidian University, China
,
Program Chairs:
XiaoFeng Wang
Indiana University at Bloomington, USA
,
Xinyi Huang
Fujian Normal University, China
Copyright © 2016 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 30 May 2016
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
hand movement trajectory recovery
leakage of pin
pin sequence inference
privacy leakage
wearable devices
Qualifiers
- research-article
Conference

Acceptance Rates
ASIA CCS '16 Paper Acceptance Rate73of350submissions,21%Overall Acceptance Rate418of2,322submissions,18%
More
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 81
  Total Citations
  View Citations
- 2,225
  Total Downloads
- Downloads (Last 12 months)228
- Downloads (Last 6 weeks)30
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Friend or Foe?: Your Wearable Devices Reveal Your Personal PIN

ASIA CCS '16: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security

ABSTRACT

References

Cited By

Index Terms

Recommendations

Viewpoint Integration for Hand-Based Recognition of Social Interactions from a First-Person View

Quantifying Temporal Privacy Leakage in Continuous Event Data Publishing

A novel asymmetric three-party based authentication scheme in wearable devices environment

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Funding Sources

Other Metrics

Article Metrics

Other Metrics

Cited By

PDF Format

eReader

Digital Edition

Caption

Friend or Foe?: Your Wearable Devices Reveal Your Personal PIN

ASIA CCS '16: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security

ABSTRACT

References

Cited By

Index Terms

Recommendations

Viewpoint Integration for Hand-Based Recognition of Social Interactions from a First-Person View

Quantifying Temporal Privacy Leakage in Continuous Event Data Publishing

A novel asymmetric three-party based authentication scheme in wearable devices environment

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Funding Sources

Article Metrics

Other Metrics

PDF Format

eReader

Digital Edition

Share this Publication link

Share on Social Media