ScreenPass: Secure Password Entry on Touchscreen Devices
Dongtao Liu, Duke University (Duke Systems), May 2012
Joint work with: Ryan Scudellari, Eduardo Cuervo, and Landon P. Cox
Passwords in smartphones
Buggy? Malicious? (figure: logos of the apps FriendCaster, imo.com, mint.com and Real Sync)
Taint tracking
• TaintDroid [OSDI '10]
  • Taint-tracking extension for Android
  • Monitors propagation of tagged data
• Apply taint tracking to passwords?
  • Properly tagged passwords
  • Release policy for passwords
Challenges to tagging passwords
• Data tracked in the TaintDroid prototype
  • API calls with well-defined semantics
• Password input
  • Arrives through character-stream interfaces
  • A mix of sensitive and non-sensitive data
• How to tag a password?
  • Secure attestation sequence (SAS): '@@'
  • Requires the TCB to handle all text input
Challenges to tagging passwords
• Software keyboard spoofing
• Touchscreen devices
  • Reserve an area for a trusted signal
  • Screen real estate is precious
  • Signals are easy to ignore
ScreenPass
• Enforce that all text input is handled by the TCB
  • Apply OCR analysis to detect a spoofed keyboard
  • Restrict WHAT apps can write instead of WHERE
• Properly tag passwords
  • Special secure input method
  • Associate a secure domain with the password
(figure: OCR)
ScreenPass architecture (diagram)
Components: Untrusted App with its text-input widget; Input Method Framework system service; ScreenPass FrameChecker; ScreenPass IME system service with a Software Keyboard and a Secure Domain Bar; Android Window Manager.
Numbered flow as labelled in the diagram:
(1) Get IME (text-input widget to Input Method Framework)
(2) Start IME (ScreenPass IME)
(3) Set check='false' / Get check (ScreenPass FrameChecker)
(4) Display Keyboard (Software Keyboard, via the Android Window Manager)
(5) Display Domain Bar (Secure Domain Bar)
(6) 'facebook.com' (Secure Domain Bar)
(7) taint='facebook'
(8) <x, y> (touch coordinates)
(9) <x, y> → 'a'
(10) 'a' tagged with 'facebook.com' (to the text-input widget)
ScreenPass IME UI
Detecting spoofed keyboards
• FrameChecker
  • A separate thread within SurfaceFlinger
  • Checks the frame buffer to recognize the keyboard
• Optimizations
  • Omit: skip the check outside password mode, when the frame has not changed, or when there is no touch
  • Spatial: check only the bottom 320x480 region of the screen
  • Temporal: sleep for random intervals between checks
  • Code: NEON 128-bit SIMD instructions
Detecting spoofed keyboards
• Apply OCR to recognize the keyboard
  • Characters should be clear
  • Sequence should be fixed
• Tesseract OCR
  • Open-source OCR project
  • Ported to the Android platform
Detecting spoofed keyboards (pipeline figure): RGBA frame → Stage 1: Frame Squash → RGBA → Stage 2: Frame Analysis (OCR Engine) → Stage 3: Sleep
Evaluation
• Is monitoring passwords useful?
  • Android app study
• What attacks can ScreenPass detect?
  • Attack tests
• How fast can ScreenPass check frames?
  • Analyzing performance
• How often should ScreenPass check?
  • Frame rate drop and energy overhead
Evaluation: App study
• Studied 30 apps from:
  • A pool of popular apps from all categories
  • Top apps from searches by keyword: "password", "dating", and "online game"
Evaluation: App study
Findings per application. The slide's three finding columns are: Plaintext over network / Outside the domain / Plaintext to file; each √ below is one of those columns marked for that app.
Application      | Type          | Marks
Pageonce         | Finance       | √
MessengerWithYou | Communication | √
Meebo IM         | Communication | √
Picassatools     | Social        | √
Skout            | Social        | √ √
Match.com        | "Dating"      | √
Myyearbook.com   | "Dating"      | √
Chess.com        | "Online Game" | √ √
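To make the tagging and release policy behind the app study concrete, here is an added illustrative model (not ScreenPass's or TaintDroid's own code) of the flow on the slides: the secure IME tags each typed character with the domain shown in the domain bar, taint propagates through concatenation, and each sink checks the taint before releasing data, denying the three cases the study columns name. It assumes a `tls` flag as the stand-in for "not plaintext" and treats any write of tainted data to a file as a plaintext write; the form body, the `hunter2` password and the host names are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Tainted:
    """A string plus the set of secure domains its characters are tagged with."""
    text: str
    taints: frozenset = frozenset()

    def __add__(self, other: "Tainted") -> "Tainted":
        # Taint propagates through string concatenation, as in TaintDroid.
        return Tainted(self.text + other.text, self.taints | other.taints)


def ime_type(chars: str, domain: str) -> Tainted:
    """Model of the secure IME: every keystroke is tagged with the domain
    currently shown in the secure domain bar (e.g. 'facebook.com')."""
    return Tainted(chars, frozenset([domain]))


def untainted(text: str) -> Tainted:
    """Ordinary app-controlled text, such as a form field name."""
    return Tainted(text, frozenset())


def same_domain(host: str, domain: str) -> bool:
    return host == domain or host.endswith("." + domain)


def check_release(sink: str, data: Tainted, dest: str = "", tls: bool = False):
    """Release policy for password-tainted data at a sink ('file' or 'network').
    Returns (allowed, reason); the denial reasons match the app-study columns.
    Assumption: tls=False stands for plaintext, and any file write is plaintext."""
    if not data.taints:
        return True, "no password taint"
    if sink == "file":
        return False, "plaintext password written to file"
    if sink == "network":
        if not tls:
            return False, "plaintext password sent over network"
        outside = sorted(d for d in data.taints if not same_domain(dest, d))
        if outside:
            return False, f"password for {outside} sent outside the domain to {dest}"
        return True, f"password released to its own domain {dest} over TLS"
    return False, f"unknown sink {sink!r}"


# Constructed scenario: the app concatenates the tagged password into a form body.
body = untainted("user=alice&pass=") + ime_type("hunter2", "facebook.com")
if __name__ == "__main__":
    for call in [("network", body, "api.facebook.com", True),
                 ("network", body, "api.facebook.com", False),
                 ("network", body, "tracker.example.com", True),
                 ("file", body, "", False)]:
        print(check_release(*call))
```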
Evaluation: Attacks
• Static attacks
• Dynamic attacks
  • Alternating blocks of 1x1, 2x2, 4x4, and 8x8 pixels
Evaluation: Analysis time (chart: average time to analyze one frame; y-axis Run Time (ms), 0 to 300; workloads: General, App Drawer, Video, Labyrinth, Winds of Steel)
Evaluation: Frame rate (chart: average frame rate observed; series: stock, 0ms, 500ms, 1000ms; y-axis Frame Rate (frame/sec), 0 to 60; workloads: App Drawer, Video, Pinball, Labyrinth, Winds of Steel)
Evaluation: Energy (chart: energy consumed over one minute; series: stock, 0ms, 500ms, 1000ms; y-axis labelled Power (Joules), 0 to 90; workloads: General, App Drawer, Video, Pinball, Labyrinth, Winds of Steel)
Related Work
• Taint tracking
  • TaintDroid [OSDI '10]
  • DTA++ [NDSS '11]
• Phishing and UI spoofing
  • Egelman, S. et al. [CHI '08]
  • Schechter, S. E. et al. [SP '07]
  • Wu, M. et al. [CHI '06]
Conclusion
• Minimize hardware assumptions
  • Apply OCR/CV to solve UI spoofing
• Maximize display utilization
  • Restrict what apps can write
• Minimize user burden
  • Do not rely on user effort to detect attacks
• ScreenPass is practical
  – Useful / robust to attacks / fast
  – Acceptable overhead