Uploads Contact
/
Login Upload
Heat of the Moment Characterizing the Efcacy of Thermal CameraBased Attacks Keaton Mowery Heat of the Moment Characterizing the Efcacy of Thermal CameraBased Attacks Keaton Mowery

Heat of the Moment Characterizing the Efcacy of Thermal CameraBased Attacks Keaton Mowery - PDF document

yoshiko-marsland
yoshiko-marsland . @yoshiko-marsland
Follow
528 views
Uploaded On 2015-01-19
About Share Download

Heat of the Moment Characterizing the Efcacy of Thermal CameraBased Attacks Keaton Mowery - PPT Presentation

This attack has the advantage over using a conventional camera that the codes do not need to be captured while they are being typed and can in stead be recovered for a short period afterwards To get the broadest sense of how effective such an attack ID: 33322

This attack has the

Share:

Link:

Embed:

Download Presentation from below link

Download Pdf The PPT/PDF document "Heat of the Moment Characterizing the Ef..." is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.

Presentation Transcript

thereforeconsiderwhethertheprocessofdeterminingthecodecanbeautomated,andifsoifitismoreorlesseffective(e.g.,accurate)thanmanualvisualinspec-tion.Foreachoftheseunderlyingquestions,wedocumentthattheanswerisinfact“yes”.Inparticular,weob-servedthatthematerialofthekeypadhasatremendousimpact:thehighthermalconductivityofmetalkeypadsrenderedthemvirtuallyimpervioustotheattack,whileweobtainedqualitativelysimilarresultstoZalewksius-ingtheplastickeypad(althoughinourmeasurementsthethermalresiduepersistedforfarshorter).Similarly,indi-vidualdifferencesofthekeypadoperatorsplaysadeter-miningroleaswell.Somepeoplewerequiteabitmorewarm-bloodedthanothers,andsomeweremoreforce-fulinpressingthekeypad;forthepeoplewithcolderhandsoralightertouch,thethermalresultsfadedsig-nicantlymorequickly.Finally,wedevelopedanalgo-rithmtocompletelyautomatetheextractionofacodeusingasinglepost-hocframefromthethermalcamerafootage,thusdemonstratingthattheattackhasthepo-tentialtoscale.Insummary,whilewedocumentthatpost-hocthermalimagingattacksarefeasibleandautomatable,wealsondthatthewindowofvulnerabilityisfarmoremodestthansomehavefearedandthattherearesimplecounter-measures(i.e.,deployingkeypadswithhighthermalcon-ductivity)thatcanshrinkthisvulnerabilityfurtherstill.2AttackScenariosAsmentionedintheintroduction,thermalcamerashaveaclearadvantageoverconventionalcamerasforthepur-posesofcapturingcodes:conventionalcamerasneedtolmthecodeasitisbeingtyped,whereasthermalcamerascanrecoverthecodeforsometimeafterwards.Thereareofcoursepreventionmethodsthatausermightinturntakeagainstthermalcamera-basedattacks(forexample,continuingtopressthekeypadevenafterhehasenteredthecode,orsimplyrestinghiswholehandonthekeypad);nevertheless,weexpectthatallbutthemostparanoidofusersdonottakethem(atleastnotatpresent),andsotheadvantageoverconventionalcam-erasisstillmeaningful.Weoutlinetwomaincategoriesinwhichtheadvantageismostusefulbelow,andalsodiscussthedifferencesbetweentherequiredattacks.ATMPINs.Whencombinedwithacardskimmer,conventionalcamerasinstalledatATMshavealreadyprovedtobequiteeffectiveinstealingpeople'saccountinformation.Usingathermalcamerainsteadprovidesanattackertheabilitytorecoverthecodeeveninthecaseswhere,forexample,auser'sbodyisblockingthekeypadthroughoutthetransaction,orhejustcoversthekeypadwithhishandashetypesinthePIN.Attackersthere-foregainanextradegreeofexibilityintermsofcameraplacement,asitisnolongeressentialthatthecamerahaveanunobstructedviewofthekeypadatalltimes.InanATMscenario,onecouldeasilyimagineanat-tackerwhosegoalistoobtainasmanyPINsaspossible.Inthistypeofattack,anautomatedcodeextractionpro-cesswouldbehighlybenecial;iftheattackersimplyinstalledthecamera(andpresumablyaskimmeraswell)andthenusedittolmtheATMkeypadforafullday,usinganautomatedprocesswouldsavehimthetroubleofsiftingthroughthisentireday'sworthoffootage.Inaddition,theaccuracyofthecodeextractionisnotsoessentialinthisscenario.Eveniftheattackerdoesnotrecovereverysinglecode,anynon-trivialfractionofthePINsenteredinafullday'sworthofATMusagewouldstillbequitevaluable.Doorcodes.Doors(orgatesorelevators)mayactasaccesscontrolpoints,inwhichentrytoagivenroom,building,etc.ismeanttoberestrictedtoauthorizedusers.AuthorizeduserscouldshareaspecialkeyorIDcard,havetheirbiometricdatastoredinthesystemforngerprintoropticalscans,or,inmanycases,en-terapassword.Inthislastcase,anattackerusingacameratocaptureanauthorizeduserenteringhiscodewouldbeabletogainentrytotherestrictedareaofhischoice.Again,thermalcameraspresentanumberofad-vantageshere.JustaswiththeATMs,usersmayblockthekeypad(eitherintentionallyorunintentionally)intheprocessofenteringthecode,inwhichcaseaninstalledconventionalcamerawouldberendereduseless.Addi-tionally,ifthekeypadisprotectedbyahoodorshroud,anattackerwouldhavetroubleinstallingaconventionalcameraangledinsuchawaythatthewholekeypadcouldbeseen.Thermalcameras,ontheotherhand,areabletoovercomethisproblem;infact,athermalcamerawouldnotnecessarilyevenneedtobeinstalledfull-time.Af-teranauthorizeduserhasenteredthecorrectpassword,anattackercansimplywalkupwiththecameraandlmthekeypad;providedhedoesthissoonenoughafterthecodehasbeenentered(andthatheknowsnoonewillbewalkingby!),hecansafelyrecoverthecode.Inmanyways,thisattackisquitedifferentfromtheattackonATMs.Beyondnotevenhavingtoinstallacamera,thevastmajorityofuserswillbeenteringthesamecode(modulofrequentpasswordchanges);com-paredwithATMkeypadsthen,inwhicheachuserentersadifferentcode,thekeypadforadoorpasswordwillbemuchlessnoisy.Ontheotherhand,theaccuracyofthecodeextractionbecomesessentialhere:iftheattackerdoesnotrecovertheonesinglecorrectcode,thenhehasearnednothing;inotherwords,the“fraction”ofthecodeswhichhenowneedstorecoverisjust1.Inaddi-tion,iftheattackerhastowalkupwithacameraeverytimehelmsthekeypadthentheautomationoftheat-tackbecomeslessrelevant,ashemightaswellalsolook2

Related Contents


Establishing Browser Security Guarantees through Formal Shim Verication Dongseok Jang
Establishing Browser Security Guarantees through Formal Shim Verication Dongseok Jang PDF document
599 views
San Diego: A Case Study of Invention and Reinvention
San Diego: A Case Study of Invention and Reinvention PDF document
365 views
San Diego, California August 6-10, 2017
San Diego, California August 6-10, 2017 PDF document
362 views
San Diego
San Diego PDF document
382 views
San Diego
San Diego PDF document
409 views
Termite Control San Diego
Termite Control San Diego PDF document
426 views
SAN DIEGO SPIRITS FESTIVAL
SAN DIEGO SPIRITS FESTIVAL PDF document
371 views
Comprehensive Experimental Analyses of Automotive Attack Surfaces Stephen Checkoway Damon
Comprehensive Experimental Analyses of Automotive Attack Surfaces Stephen Checkoway Damon PDF document
473 views
San Diego “Crosswalk” Process for Permanent Supportive
San Diego “Crosswalk” Process for Permanent Supportive PDF document
405 views
County of San Diego, Planning & Development ServicesADOPTIVE ORDINANCE
County of San Diego, Planning & Development ServicesADOPTIVE ORDINANCE PDF document
422 views
Paid for by San Diego Works! A sponsored committee of the San Diego an
Paid for by San Diego Works! A sponsored committee of the San Diego an PDF document
438 views
Mary BlairLoy (UC San Diego)Jeanne Ferrante (UC San Diego)Erin A. Cech
Mary BlairLoy (UC San Diego)Jeanne Ferrante (UC San Diego)Erin A. Cech PDF document
413 views
Next Show more