In the Quest to Protect Users from Side-Channel Attacks – A User-Centred Design Space to Mitigate Thermal Attacks on Public Payment Terminals

Marky, K., Macdonald, S., Abdrabou, Y. and Khamis, M. (2023) In the Quest to Protect Users from Side-Channel Attacks – A User-Centred Design Space to Mitigate Thermal Attacks on Public Payment Terminals. In: 32nd USENIX Security Symposium, Anaheim, CA, California, 9-11 Aug 2023, pp. 5235-5252. ISBN 9781939133373

Text: 300251.pdf - Accepted Version (1MB)

Abstract

Thermal attacks are an emerging threat that enables the reconstruction of user input after interaction with a device by analysing heat traces. There are several ways to protect users from thermal attacks that require different degrees of user involvement. In this paper, we first present a structured literature review to identify 15 protection strategies. Then, we investigate user perceptions of these strategies in an online study (N=306). Our results show that users intuitively use protection strategies that also work against other side-channel attacks. Further, users are willing to sacrifice convenience for the sake of verifying a strategy's efficacy. Yet, an ideal holistic defence from thermal attacks is one that is readily integrated into user interfaces by manufacturers in a way that the user can verify it. Further, users like resourceless strategies that fit their habits. We use the literature review and study results to identify a user-centred design space for thermal attack protection. We conclude the paper with specific recommendations for users, device manufacturers and interface providers to better protect individuals from thermal attacks.

Item Type: Conference Proceedings
Additional Information: This work was supported by the EPSRC (EP/V008870/1), and the PETRAS National Centre of Excellence for IoT Systems Cybersecurity, which is also funded by the EPSRC (EP/S035362/1). Furthermore this work was co-funded by the Deutsche Forschungsgemeinschaft (DFG, German Research Foundation) under Germany’s Excellence Strategy - EXC 2092 CASA - 390781972.
Status: Published
Refereed: Yes
Glasgow Author(s) Enlighten ID: Marky, Dr Karola and Macdonald, Mr Shaun and Khamis, Dr Mohamed
Authors: Marky, K., Macdonald, S., Abdrabou, Y., and Khamis, M.
College/School: College of Science and Engineering > School of Computing Science
ISBN: 9781939133373
Copyright Holders: Copyright © 2023 The Authors
Publisher Policy: Reproduced with the permission of the publisher

| Project Code | Award No | Project Name | Principal Investigator | Funder's Name | Funder Ref | Lead Dept |
|---|---|---|---|---|---|---|
| 310627 | | TAPS: Assessing, Mitigating and Raising Awareness of the Security and Privacy Risks of Thermal Imaging | Mohamed Khamis | Engineering and Physical Sciences Research Council (EPSRC) | EP/V008870/1 | Computing Science |
| 313490 | | Preventing THErmal ATtacks using AI-driven Approaches | Mohamed Khamis | Engineering and Physical Sciences Research Council (EPSRC) | 5676417 -PETRAS | Computing Science |