What you see is not what you get: Leakage-resilient password entry schemes for smart glasses

Author

Yan LI, Singapore Management UniversityFollow
Yao CHENG, Singapore Management UniversityFollow
Yingjiu LI, Singapore Management UniversityFollow
Robert H. DENG, Singapore Management UniversityFollow

Publication Type

Conference Proceeding Article

Version

acceptedVersion

Publication Date

4-2017

Abstract

Smart glasses are becoming popular for users to access various services such as email. To protect these services, password-based user authentication is widely used. Unfortunately, the password based user authentication has inherent vulnerability against password leakage. Many efforts have been put on designing leakage resilient password entry schemes on PCs and mobile phones with traditional input equipment including keyboards and touch screens. However, such traditional input equipment is not available on smart glasses. Existing password entry on smart glasses relies on additional PCs or mobile devices. Such solutions force users to switch between different systems, which causes interrupted experience and may lower the practicability and usability of smart glasses. In this paper, we propose a series of leakage-resilient password entry schemes on stand-alone smart glasses, which are gTapper, gRotator, and gTalker. These schemes ensure no leakage in password entry by breaking the correlation between the underlying password and the interaction observable to adversaries. They are practical in the sense that they only require a touch pad, a gyroscope, and a microphone which are commonly available on smart glasses. The usability of the proposed schemes is evaluated by user study under various test conditions which are common in users' daily usage. The results of our user study reveal that the proposed schemes are easy-to-use so that users enter their passwords within moderate time, at high accuracy, and in various situations.

Keywords

Eavesdropping attack, Leakage-resilient password entry, Smart glasses, Glass, Touch screens, Eavesdropping attacks, High-accuracy, No leakages, Smart glass, Stand -alone, Test condition, Touch pads, User authentication, Authentication

Discipline

Information Security

Research Areas

Cybersecurity

Publication

ASIA CCS 2017: Proceedings of the ACM Asia Conference on Computer and Communications Security, April 2-6, Abu Dhabi, United Arab Emirates

First Page

327

Last Page

333

ISBN

9781450349444

Identifier

10.1145/3052973.3053042

Publisher

ACM

City or Country

New York

Citation

LI, Yan; CHENG, Yao; LI, Yingjiu; and DENG, Robert H.. What you see is not what you get: Leakage-resilient password entry schemes for smart glasses. (2017). ASIA CCS 2017: Proceedings of the ACM Asia Conference on Computer and Communications Security, April 2-6, Abu Dhabi, United Arab Emirates. 327-333.
Available at: https://ink.library.smu.edu.sg/sis_research/3815

Copyright Owner and License

Authors

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

https://doi.org/10.1145/3052973.3053042