ABSTRACT
Thermal cameras have become portable enough to integrate into wearables, such as glasses, and can be used maliciously to infer passwords by observing heat traces left on keyboards, keypads and screens. While prior work showed how AI-driven approaches can be used to further enhance the effectiveness of these attacks, we use similar approaches to detect vulnerable interfaces and obfuscate heat traces to defend against thermal attacks. At our Augmented Humans 2023 demo, attendees will have the chance to use a thermal camera to observe thermal traces on a keyboard, and to see how machine learning can both automatically identify the keys pressed and identify, then obfuscate, thermal images of a keyboard to prevent thermal attacks. This demo will provoke thought and discussion about the security risks presented by discreet, wearable thermal cameras and how these risks can be mitigated by both designers and users.
Index Terms
- Conducting and Mitigating Portable Thermal Imaging Attacks on User Authentication using AI-driven Methods