SACM - United Kingdom

Permanent URI for this collection: https://drepo.sdl.edu.sa/handle/20.500.14154/9667

Now showing 1 - 2 of 2
  • Item (Restricted)
    UNDERSTANDING AND MITIGATING THE THREATS OF THERMAL IMAGING ON SECURITY
    (University of Glasgow, 2024-06-25) Alotaibi, Norah Mohsen T; Khamis, Mohamed; Williamson, John
    The evolution of thermal cameras from exclusive, prohibitively expensive technology to compact, economically accessible consumer products has paved the way for their potential widespread adoption in personal gadgets such as smartphones, wearables, and displays. However, this accessibility raises significant security concerns, as it can be exploited for malicious uses, such as thermal attacks. In a thermal attack, an attacker captures a thermal image of a user interface, like a keyboard or touchscreen, to reveal thermal traces left by the user's touch. These attacks can be performed without any overt action taken by the attacker, as heat traces persist for up to 60 seconds after the user has interacted and left the device unattended. Attackers can then analyze the captured image either through visual means or via advanced techniques such as image processing to reconstruct sensitive inputs made by the user, including passwords and other confidential information. Recognizing this threat, this thesis investigates the feasibility of thermal attacks when advanced methods of thermal image analysis are employed and explores mitigation methods against thermal attacks. Six studies were conducted, with the first two examining the feasibility of thermal attacks on common computer keyboards. ThermoSecure, a Deep Learning (DL) system that analyzes thermal images to estimate user input, was introduced, alongside the first publicly available dataset of 1500 thermal images of keyboards. Results from these studies highlighted that AI-driven thermal attacks are more effective. Success varied based on factors, including input-related ones like password length and user typing behavior, and interface-related ones such as keycap material and thermal conductivity. 
These findings underscored the pressing need for mitigation methods against thermal attacks, leading to the third study, which investigated user perceptions of privacy in relation to thermal cameras, their understanding of thermal attacks, and their preferences for mitigation methods. Previous research proposed several user-centric mitigation methods, yet the results from this study emphasized the need for holistic approaches requiring minimal user involvement. Users expressed openness towards using thermal cameras in daily life but also exhibited privacy and security concerns, largely due to unawareness of thermal attacks and mitigation strategies. With that in mind, two camera-centric mitigations were introduced and evaluated: four distinct obfuscations (Mitigation 1) and a GANs-based mitigation (ThermoGANs) (Mitigation 2), both of which proved effective against thermal attacks. The results emphasized user preference for mitigation methods that require minimal involvement, even at the potential cost of utility. This thesis underscores the need for holistic strategies that not only prevent camera misuse but also minimize utility impact. The final study explores such a method, investigating input-based induced noise that ensures ineffective heat traces for password reconstruction, both in terms of identifying used keys and the sequence of presses. This research contributes a novel understanding of thermal attack feasibility, user perceptions, and mitigation techniques, providing a foundation for future security measures against thermal attacks.
  • Item (Restricted)
    A Cognimetric Authentication Tool (CAT): Temporal Analysis of Touch Dynamics
    (University of Sussex, 2024) Alwhibi, Munirah; Cheng, Peter
    Much research in touch biometric authentication is grounded in a pragmatic, data-driven methodology, involving the collection and analysis of touch data to train machine learning models. In contrast, this research explores the integration of established theories of human cognition and interactive behaviour to inform the design of a Cognimetric Authentication Tool (CAT). In the field of cognitive science, time-related measures are widely used to differentiate individuals during task performance. This investigation analyses two temporal measures of swipe and scroll interactions: touch durations (touch) and durations between touches (gap). An existing dataset, comprising interactions from 41 participants engaged in two realistic and cognitively demanding tasks—reading Wikipedia articles (read) and comparing image pairs (compare)—is utilised. The goal of this research is to develop methods for capturing, modelling and comparing participant behaviours for potential authentication applications. It adopts histograms to model and compare temporal behaviours based on the shapes of frequency distributions of each measure within each task. The metric Absolute Distribution Difference (ADD) is introduced by this research to quantify the consistency of temporal behaviour within participants and its distinctiveness across participants. The analysis reveals that intra-participant variations (inconsistency) are overshadowed by inter-participant differences (distinctiveness), which is necessary for authentication. However, the intricate relationship between them emphasises a trade-off; neither is independently sufficient for authentication. Trained only on genuine user’s behaviour, CAT drops error rates to around 10% for a single measure, halving to 5% when combining two measures.
To accomplish this, CAT utilises 4 user profiles per participant, tailored to each measure and task, and consisting of the average behaviour of a participant and their personal inconsistency thresholds. This multi-level personalisation approach can compensate for the natural variability and context-dependent nature of human behaviour, and it extends to the fusion functions. Through the research, two sampling techniques are employed: initially, using the entire document as a sample, and subsequently, adopting action-based sampling (a conventional technique). In their current state, both sampling techniques are eligible for delayed authentication, as second-factor authentication. Similarly, two fusion methods are employed: measures are combined within the same tasks (a conventional technique), and across tasks, providing complementing aspects of task-specific behaviours. Both sampling and fusion techniques prove effective, particularly in relation to the previous research conducted with this dataset.

Copyright owned by the Saudi Digital Library (SDL) © 2025