PrivacyScout: Assessing Vulnerability to Shoulder Surfing on Mobile Devices

Bâce, M., Saad, A., Khamis, M., Schneegass, S. and Bulling, A. (2022) PrivacyScout: Assessing Vulnerability to Shoulder Surfing on Mobile Devices. In: Privacy Enhancing Technologies Symposium 2022 (PETS 2022), Sydney, Australia, 11-15 Jul 2022, pp. 650-669. (doi: 10.56553/popets-2022-0090)

268660.pdf - Published Version
Available under License Creative Commons Attribution Non-commercial No Derivatives.


Abstract

One approach to mitigate shoulder surfing attacks on mobile devices is to detect the presence of a bystander using the phone’s front-facing camera. However, a person’s face in the camera’s field of view does not always indicate an attack. To overcome this limitation, in a novel data collection study (N=16), we analysed the influence of three viewing angles and four distances on the success of shoulder surfing attacks. In contrast to prior works that mainly focused on user authentication, we investigated three common types of content susceptible to shoulder surfing: text, photos, and PIN authentications. We show that the vulnerability of text and photos depends on the observer’s location relative to the device, while PIN authentications are vulnerable independent of the observation location. We then present PrivacyScout – a novel method that predicts the shoulder-surfing risk based on visual features extracted from the observer’s face as captured by the front-facing camera. Finally, evaluations from our data collection study demonstrate our method’s feasibility to assess the risk of a shoulder surfing attack more accurately.

Item Type: Conference Proceedings
Additional Information: This project is partly funded by the Swiss National Science Foundation (SNSF) Early Postdoc. Mobility Fellowship (199991), the Deutsche Forschungsgemeinschaft (DFG) German Research Foundation (425869382), part of Priority Program SPP2199 Scalable Interaction Paradigms for Pervasive Computing Environments, EPSRC (EP/V008870/1) and the PETRAS National Centre of Excellence for IoT Systems Cybersecurity, which is also funded by the EPSRC (EP/S035362/1), and the European Research Council (ERC; grant agreement 801708).
Status: Published
Refereed: Yes
Glasgow Author(s) Enlighten ID: Khamis, Dr Mohamed
Authors: Bâce, M., Saad, A., Khamis, M., Schneegass, S., and Bulling, A.
College/School: College of Science and Engineering > School of Computing Science
ISSN: 2299-0984
Copyright Holders: Copyright © 2022 The Authors
Publisher Policy: Reproduced under a Creative Commons licence


| Project Code | Award No | Project Name | Principal Investigator | Funder's Name | Funder Ref | Lead Dept |
|---|---|---|---|---|---|---|
| 310627 | | TAPS: Assessing, Mitigating and Raising Awareness of the Security and Privacy Risks of Thermal Imaging | Mohamed Khamis | Engineering and Physical Sciences Research Council (EPSRC) | EP/V008870/1 | Computing Science |
| 313490 | | Preventing THErmal ATtacks using AI-driven Approaches | Mohamed Khamis | Engineering and Physical Sciences Research Council (EPSRC) | 5676417 -PETRAS | Computing Science |