اشترك بالحزمة الذهبية واحصل على وصول غير محدود شمرا أكاديميا
تسجيل مستخدم جديدA Survey of Collection Methods and Cross-Data Set Comparison of Android Unlock Patterns
55
0
0.0
(
0
)
اسأل ChatGPT حول البحث
ﻻ يوجد ملخص باللغة العربية
Androids graphical password unlock remains one of the most widely used schemes for phone unlock authentication, and it is has been studied extensively in the last decade since its launch. We have learned that users choice of patterns mimics the poor password choices in other systems, such as PIN or text-based passwords. A wide variety of analysis and data collections methods was used to reach these conclusions, but what is missing from the literature is a systemized comparison of the related work in this space that compares both the methodology and the results. In this paper, we take a detailed accounting of the different methods applied to data collection and analysis for Android unlock patterns. We do so in two dimensions. First we systemize prior work into a detailed taxonomy of collection methods, and in the second dimension, we perform a detailed analysis of 9 different data sets collected using different methods. While this study focuses singularly on the collection methods and comparisons of the Android pattern unlock scheme, we believe that many of the findings generalize to other graphical password schemes, unlock authentication technology, and other knowledge-based authentication schemes.
قيم البحث
اقرأ أيضاً
Android unlock patterns remain quite common. Our study, as well as others, finds that roughly 25% of respondents use a pattern when unlocking their phone. Despite known security issues, the design of the pattern interface remains unchanged since firs
t launch. We propose Double Patterns, a natural and easily adoptable advancement on Android unlock patterns that maintains the core design features, but instead of selecting a single pattern, a user selects two, concurrent Android unlock patterns entered one-after-the-other super-imposed on the same 3x3 grid. We evaluated Double Patterns for both security and usability by conducting an online study with $n=634$ participants in three treatments: a control treatment, a first pattern entry blocklist, and a blocklist for both patterns. We find that in all settings, user chosen Double Patterns are more secure than traditional patterns based on standard guessability metrics, more similar to that of 4-/6-digit PINs, and even more difficult to guess for a simulated attacker. Users express positive sentiments in qualitative feedback, particularly those who currently (or previously) used Android unlock patterns, and overall, participants found the Double Pattern interface quite usable, with high recall retention and comparable entry times to traditional patterns. In particular, current Android pattern users, the target population for Double Patterns, reported SUS scores in the 80th percentile and high perceptions of security and usability in responses to open- and closed-questions. Based on these findings, we would recommend adding Double Patterns as an advancement to Android patterns, much like allowing for added PIN length.
Mobile phones enable the collection of a wealth of private information, from unique identifiers (e.g., email addresses), to a users location, to their text messages. This information can be harvested by apps and sent to third parties, which can use i
t for a variety of purposes. In this paper we perform the largest study of private information collection (PIC) on Android to date. Leveraging an anonymized dataset collected from the customers of a popular mobile security product, we analyze the flows of sensitive information generated by 2.1M unique apps installed by 17.3M users over a period of 21 months between 2018 and 2019. We find that 87.2% of all devices send private information to at least five different domains, and that actors active in different regions (e.g., Asia compared to Europe) are interested in collecting different types of information. The United States (62% of the total) and China (7% of total flows) are the countries that collect most private information. Our findings raise issues regarding data regulation, and would encourage policymakers to further regulate how private information is used by and shared among the companies and how accountability can be truly guaranteed.
We present the design and design rationale for the user interfaces for Privacy Enhancements for Android (PE for Android). These UIs are built around two core ideas, namely that developers should explicitly declare the purpose of why sensitive data is
being used, and these permission-purpose pairs should be split by first party and third party uses. We also present a taxonomy of purposes and ways of how these ideas can be deployed in the existing Android ecosystem.
The emerging public awareness and government regulations of data privacy motivate new paradigms of collecting and analyzing data transparent and acceptable to data owners. We present a new concept of privacy and corresponding data formats, mechanisms
, and tradeoffs for privatizing data during data collection. The privacy, named Interval Privacy, enforces the raw data conditional distribution on the privatized data to be the same as its unconditional distribution over a nontrivial support set. Correspondingly, the proposed privacy mechanism will record each data value as a random interval containing it. The proposed interval privacy mechanisms can be easily deployed through most existing survey-based data collection paradigms, e.g., by asking a respondent whether its data value is within a randomly generated range. Another unique feature of interval mechanisms is that they obfuscate the truth but not distort it. The way of using narrowed range to convey information is complementary to the popular paradigm of perturbing data. Also, the interval mechanisms can generate progressively refined information at the discretion of individual respondents. We study different theoretical aspects of the proposed privacy. In the context of supervised learning, we also offer a method such that existing supervised learning algorithms designed for point-valued data could be directly applied to learning from interval-valued data.
Host-based anomaly detectors generate alarms by inspecting audit logs for suspicious behavior. Unfortunately, evaluating these anomaly detectors is hard. There are few high-quality, publicly-available audit logs, and there are no pre-existing framewo
rks that enable push-button creation of realistic system traces. To make trace generation easier, we created Xanthus, an automated tool that orchestrates virtual machines to generate realistic audit logs. Using Xanthus simple management interface, administrators select a base VM image, configure a particular tracing framework to use within that VM, and define post-launch scripts that collect and save trace data. Once data collection is finished, Xanthus creates a self-describing archive, which contains the VM, its configuration parameters, and the collected trace data. We demonstrate that Xanthus hides many of the tedious (yet subtle) orchestration tasks that humans often get wrong; Xanthus avoids mistakes that lead to non-replicable experiments.
سجل دخول لتتمكن من نشر تعليقات
التعليقات
جاري جلب التعليقات
سجل دخول لتتمكن من متابعة معايير البحث التي قمت باختيارها
