ScreenPass: Secure password entry on touchscreen devices

MobiSys 2013 - Proceedings of the 11th Annual International Conference on Mobile Systems, Applications, and Services

Volumn , Issue , 2013, Pages 291-304

  Liu, Dongtao ^a   Cuervo, Eduardo ^a   Pistol, Valentin ^a   Scudellari, Ryan ^a   Cox, Landon P ^a  

^a DUKE UNIVERSITY   (United States)

Author keywords

OCR; Passwords; Phishing; Smartphone Security; User interface design; User study

Indexed keywords

PASSWORDS; PHISHING; SMARTPHONE SECURITIES; USER INTERFACE DESIGNS; USER STUDY;

OPTICAL CHARACTER RECOGNITION; SMARTPHONES; USER INTERFACES;

AUTHENTICATION;

EID: 84881187703     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2462456.2465425     Document Type: Conference Paper

References (21)

1. D. S. Anderson, C. Fleizach, S. Savage, and G. M. Voelker. Spamscatter: characterizing internet scam hosting infrastructure. In USENIX Security, 2007.
2. M. Böhmer, B. Hecht, J. Schöning, A. Krüger, and G. Bauer. Falling asleep with Angry Birds, Facebook and Kindle: a large scale study on mobile application usage. In MobileHCI, 2011.
3. L. Cai and H. Chen. TouchLogger: inferring keystrokes on touch screen from smartphone motion. In HotSec, 2011.
4. R. Dhamija, J. D. Tygar, and M. Hearst. Why phishing works. In CHI, 2006.
5. S. Egelman, L. F. Cranor, and J. Hong. You've been warned: an empirical study of the effectiveness of web browser phishing warnings. In CHI, 2008.
6. W. Enck, P. Gilbert, B. gon Chun, L. P. Cox, J. Jung, P. McDaniel, and A. Sheth. TaintDroid: An information flow tracking system for realtime privacy monitoring on mobile phones. In OSDI, 2010.
7. H. Falaki, R. Mahajan, S. Kandula, D. Lymberopoulos, R. Govindan, and D. Estrin. Diversity in smartphone usage. In MobiSys, 2010.
8. N. Feske and C. Helmuth. A Nitpicker's guide to a minimal-complexity secure GUI. In IEEE Computer Security Applications Conference, 2005.
9. A. Y. Fu, L. Wenyin, and X. Deng. Detecting phishing web pages with visual similarity assessment based on earth mover's distance (EMD). IEEE Transactions on Dependable and Secure Computing, 3, October 2006.
10. X. Jiang. Smishing vulnerability in multiple android platforms. http://csc.ncsu.edu/~jiang/smishing.html.
11. M. G. Kang, S. McCamant, P. Poosankam, and D. Song. DTA++: Dynamic taint analysis with targeted control-flow propagation. In NDSS, 2011.
12. J. M. McCune, A. Perrig, and M. K. Reiter. Safe passage for passwords and other sensitive data. In NDSS, 2009.
13. E. Owusu, J. Han, S. Das, A. Perrig, and J. Zhang. ACCessory: password inference using accelerometers on smartphones. In HotMobile, 2012.
14. A. Rahmati, C. Tossell, C. Shepard, P. Kortum, and L. Zhong. Exploring iPhone usage: the influence of socioeconomic differences on smartphone adoption, usage and usability. In MobileHCI, 2012.
15. F. Roesner, T. Kohno, A. Moshchuk, B. Parno, H. J. Wang, and C. Cowan. User-driven access control: Rethinking permission granting in modern operating systems. In IEEE Security and Privacy, 2012.
16. B. Ross, C. Jackson, N. Miyake, D. Boneh, and J. C. Mitchell. Stronger password authentication using browser extensions. In USENIX Security, 2005.
17. S. E. Schechter, R. Dhamija, A. Ozment, and I. Fischer. Emperors new security indicators: An evaluation of website authentication and the effect of role playing on usability studies. In IEEE Security and Privacy, 2007.
18. R. Smith. An overview of the Tesseract OCR engine. In ICDAR, 2007.
19. S. Tang, H. Mai, and S. T. King. Trust and protection in the Illinois browser operating system. In OSDI, 2010.
20. M. Wu, R. C. Miller, and S. L. Garfinkel. Do security toolbars actually prevent phishing attacks? In CHI, 2006.
21. Y. Zhou and X. Jiang. Dissecting Android malware: Characterization and evolution. In IEEE Security and Privacy, 2012.