This content will become publicly available on August 10, 2024

Title: D&L: A Natural Language Processing Based Approach for Protecting Sensitive Information from Shoulder Surfing Attacks
Despite the increasing attention and research effort, how to protect sensitive information from shoulder surfing attacks is still understudied. Existing methods for protecting sensitive textual content on users' screens from shoulder surfing attacks have various limitations, including ineffectiveness, insufficient protection of sensitive information, low usability, and high cognitive workload. To address those limitations, this paper proposes, develops, and evaluates a new solution called "detection and labeling" (D&L), which uses NLP techniques to automatically detect and label sensitive information in the textual content. The labeled and hidden sensitive information is then read to users through their headphones upon their clicking a label. Evaluation results demonstrate that D&L improves protection, enhances usability, reduces users’ cognitive workload, and allows faster browsing speed compared to the baseline methods.
Award ID(s):
1917537
NSF-PAR ID:
10477497
Author(s) / Creator(s):
;
Publisher / Repository:
AIS Electronic Library (AISeL)
Date Published:
Journal Name:
AMCIS 2023
Subject(s) / Keyword(s):
["Privacy","shoulder surfing","sensitive information protection","detection and labeling (D&L)"]
Format(s):
Medium: X
Location:
Panama
Sponsoring Org:
National Science Foundation
More Like this
  4. Shoulder-surfing studies in the context of mobile user authentication have focused on evaluating the attackers' performance, yet have paid much less attention to their perception of the shoulder-surfing process. Whether and how the shoulder-surfing setting might affect the attackers' perception remains under-explored. This study aims to investigate the perception of shoulder surfers with two different password-based mobile user authentication methods and three different observation angles. Moreover, this work examines the relationship between the attackers' perception and performance in shoulder surfing and the possible moderating effect of the authentication method for the first time. Based on the data collected from an online experiment, our analysis results reveal the effects of authentication methods and observation angles on the attackers' perception in terms of cognitive workload, observation clarity, and repetitive learning advantage. In addition, the results also show that the relationship between the attackers' cognitive workload and performance in shoulder surfing varies with the mobile user authentication method. Our findings not only deepen the understanding of shoulder-surfing attacks from an attacker's perspective, but also facilitate developing countermeasures for shoulder-surfing attacks. 
  5. With the increasing prevalence of mobile and IoT devices (e.g., smartphones, tablets, smart-home appliances), massive amounts of private and sensitive information are stored on these devices. To prevent unauthorized access to these devices, existing user verification solutions either rely on the complexity of user-defined secrets (e.g., password) or resort to specialized biometric sensors (e.g., fingerprint reader), but the users may still suffer from various attacks, such as password theft, shoulder surfing, smudge, and forged biometrics attacks. In this paper, we propose CardioCam, a low-cost, general, hard-to-forge user verification system leveraging the unique cardiac biometrics extracted from the readily available built-in cameras in mobile and IoT devices. We demonstrate that the unique cardiac features can be extracted from the cardiac motion patterns in fingertips, by pressing on the built-in camera. To mitigate the impacts of various ambient lighting conditions and human movements under practical scenarios, CardioCam develops a gradient-based technique to optimize the camera configuration, and dynamically selects the most sensitive pixels in a camera frame to extract reliable cardiac motion patterns. Furthermore, the morphological characteristic analysis is deployed to derive user-specific cardiac features, and a feature transformation scheme grounded on Principal Component Analysis (PCA) is developed to enhance the robustness of cardiac biometrics for effective user verification. With the prototyped system, extensive experiments involving 25 subjects are conducted to demonstrate that CardioCam can achieve effective and reliable user verification with over 99% average true positive rate (TPR) while maintaining the false positive rate (FPR) as low as 4%.