Panagiotis Andriotis
University of Bristol
Publication
Featured researches published by Panagiotis Andriotis.
wireless network security | 2013
Panagiotis Andriotis; Theo Tryfonas; George C. Oikonomou; Can Yildiz
Graphical passwords that allow a user to unlock a smartphone's screen are one of the Android operating system's features and many users prefer them instead of traditional text-based codes. A variety of attacks has been proposed against this mechanism, of which notable are methods that recover the lock patterns using the oily residues left on screens when people move their fingers to reproduce the unlock code. In this paper we present a pilot study on user habits when setting a pattern lock and on their perceptions regarding what constitutes a secure pattern. We use our survey's results to establish a scheme, which combines a behaviour-based attack and a physical attack on graphical lock screen methods, aiming to reduce the search space of possible combinations forming a pattern, to make it partially or fully retrievable.
international conference on human-computer interaction | 2014
Panagiotis Andriotis; Theo Tryfonas; George C. Oikonomou
One of the most popular contemporary graphical password approaches is the Pattern-Lock authentication mechanism that comes integrated with the Android mobile operating system. In this paper we investigate the impact of password strength meters on the selection of a perceivably secure pattern. We first define a suitable metric to measure pattern strength, taking into account the constraints imposed by the Pattern-Lock mechanism's design. We then implement an app via which we conduct a survey for Android users, retaining demographic information of responders and their perceptions on what constitutes a pattern complex enough to be secure. Subsequently, we display a pattern strength meter to the participant and investigate whether this additional prompt influences the user to change their pattern to a more effective and complex one. We also investigate potential correlations between our findings and results of a previous pilot study in order to detect any significant biases on setting a Pattern-Lock.
IEEE Transactions on Systems, Man, and Cybernetics | 2016
Shancang Li; Theo Tryfonas; Gordon Russell; Panagiotis Andriotis
Mobile systems are facing a number of application vulnerabilities that can be combined together and utilized to penetrate systems with devastating impact. When assessing the overall security of a mobile system, it is important to assess the security risks posed by each mobile application (app), thus gaining a stronger understanding of any vulnerabilities present. This paper aims at developing a three-layer framework that assesses the potential risks which apps introduce within the Android mobile systems. A Bayesian risk graphical model is proposed to evaluate risk propagation in a layered risk architecture. By integrating static analysis, dynamic analysis, and behavior analysis in a hierarchical framework, the risks and their propagation through each layer are well modeled by the Bayesian risk graph, which can quantitatively analyze risks faced to both apps and mobile systems. The proposed hierarchical Bayesian risk graph model offers a novel way to investigate the security risks in mobile environment and enables users and administrators to evaluate the potential risks. This strategy allows to strengthen both app security as well as the security of the entire system.
International Journal of Digital Crime and Forensics | 2013
Panagiotis Andriotis; Zacharias Tzermias; Anthi Mparmpaki; Sotiris Ioannidis; George C. Oikonomou
While technology matures and becomes more productive, mobile devices can be affordable and, consequently, fully integrated in people's lives. After their unexpected bloom and acceptance, Online Social Networks are now sources of valuable information. The authors therefore use them for tasks varying from direct marketing to forensic analysis. The authors have already seen Social Network Forensics techniques focused on particular networks implementing methods that collect data from user accounts. During the forensic analysis it is common to aggregate information from different sources but, usually, this procedure causes correlation problems. Here, the authors present their method to correlate data gathered from various social networks in combination with smartphones creating a new form of social map of the user under investigation. In addition, the authors introduce a multi level graph that utilises the correlated information from the smartphone and the social networks and demonstrates in three dimensions the relevance of each contact with the suspect.
international conference on digital forensics | 2014
Panagiotis Andriotis; Atsuhiro Takasu; Theo Tryfonas
Humans tend to use specific words to express their emotional states in written and oral communications. Scientists in the area of text mining and natural language processing have studied sentiment fingerprints residing in text to extract the emotional polarity of customers for a product or to evaluate the popularity of politicians. Recent research focused on micro-blogging has found notable similarities between Twitter feeds and SMS (short message service) text messages. This paper investigates the common characteristics of both formats for sentiment analysis purposes and verifies the correctness of the similarity assumption. A lexicon-based approach is used to extract and compute the sentiment scores of SMS messages found on smartphones. The data is presented along a timeline that depicts a sender’s emotional fingerprint. This form of analysis and visualization can enrich a forensic investigation by conveying potential psychological patterns from text messages.
international conference on human-computer interaction | 2017
Panagiotis Andriotis; Shancang Li; Theodoros Spyridopoulos; Gianluca Stringhini
Android users recently were given the ability to selectively grant access to sensitive resources of their mobile devices when apps request them at runtime. The Android fine-grained runtime permission model has been gracefully accepted by the majority of users, who also seem to be consistent regarding their privacy and security preferences. In this paper we analyse permission data collected by Android devices that were utilising the runtime permission model. The reconstructed data represent apps’ settings snapshots. We compare behavioural insights extracted from the acquired data with users’ privacy preferences reported in our previous work. In addition, compared with the responses received from another group of mobile device users, users’ privacy settings seem to be affected by the functionality of apps. Furthermore, we advise visual schemata that describe users’ privacy settings and point out a usability issue regarding the installation process of Android apps under the runtime permission model.
international conference on digital forensics | 2016
Panagiotis Andriotis; Theo Tryfonas
There are many different types of mobile device users, but most of them do not seek to expand the functionality of their smartphones and prefer to interact with them using predefined user profiles and settings. However, “power users” are always seeking opportunities to gain absolute control of their devices and expand their capabilities. For this reason, power users attempt to obtain “super user” privileges (root) or jailbreak their devices. Meanwhile, the “bring your own device” (BYOD) trend in the workplace and increased numbers of high profile users who demand enhanced data privacy and protection are changing the mobile device landscape. This chapter discusses variations of the Android operating system that attempt to bypass the limitations imposed by the previous Android permission model (up to version 5.1) and highlights the fact that forensic analysts will encounter devices with altered characteristics. Also, the chapter discusses the Android permission model introduced in the latest operating system (version M or 6.0) that will likely change the way users interact with apps.
Information and Computer Security | 2016
Panagiotis Andriotis; George C. Oikonomou; Alexios Mylonas; Theo Tryfonas
Purpose – The Android pattern lock screen (or graphical password) is a popular user authentication method that relies on the advantages provided by the visual representation of a password, which enhance its memorability. Graphical passwords are vulnerable to attacks (e.g. shoulder surfing); thus, the need for more complex passwords becomes apparent. This paper aims to focus on the features that constitute a usable and secure pattern and investigate the existence of heuristic and physical rules that possibly dictate the formation of a pattern. Design/methodology/approach – The authors conducted a survey to study the users’ understanding of the security and usability of the pattern lock screen. The authors developed an Android application that collects graphical passwords, by simulating user authentication in a mobile device. This avoids any potential bias that is introduced when the survey participants are not interacting with a mobile device while forming graphical passwords (e.g. in Web or hard-copy surv...
IEEE Transactions on Systems, Man, and Cybernetics | 2016
Panagiotis Andriotis; George C. Oikonomou; Theo Tryfonas; Shancang Li
Social media networks are becoming increasingly popular because they can satisfy diverse needs of individuals (both personal and professional). Modern mobile devices are empowered with increased capabilities, taking advantage of the technological progress that makes them smarter than their predecessors. Thus, a smartphone user is not only the phone owner, but also an entity that may have different facets and roles in various social media networks. We believe that these roles can be aggregated in a single social ecosystem, which can be derived by the smartphone. In this paper, we present our concept of the social ecosystem in contemporary devices and we attempt to distinguish the different communities that occur from the integration of social networking in our lives. In addition, we propose techniques to highlight major actors within the ecosystem. Moreover, we demonstrate our suggested visualization scheme, which illustrates the linking of entities that live in separate communities using data taken from the smartphone. Finally, we extend our concept to include various parallel ecosystems during potentially large investigations and we link influential entities in a vertical fashion. We particularly examine cases where data aggregation is performed by specific applications, producing volumes of textual data that can be analyzed with text mining methods. Our analysis demonstrates the risks of the rising “bring your own device” trend in enterprise environments.
international conference on human-computer interaction | 2015
Panagiotis Andriotis; George C. Oikonomou
Sentiment Analysis aims to extract information related to the emotional state of the person that produced a text document and also describe the sentiment polarity of the short or long message. This kind of information might be useful to a forensic analyst because it provides indications about the psychological state of the person under investigation at a given time. In this paper we use machine-learning algorithms to classify short texts (SMS), which could be found in the internal memory of a smartphone and extract the mood of the person that sent them. The basic goal of our method is to achieve low False Positive Rates. Moreover, we present two visualization schemes with the intention to provide the ability to digital forensic analysts to see graphical representations of the messaging activity of their suspects and therefore focus on specific areas of interest reducing their workload.