My Google Glass Sees Your Passwords!

My Google Glass Sees Your Passwords!

时间： 地点：计算机楼313会议室

报告简介：

In this presentation, we introduce a novel computer vision based attack that automatically discloses inputs on a touch enabled device. Our spying camera, including Google Glass, can take a video of the victim tapping on the touch screen and automatically recognize more than 90% of the tapped passcodes from three meters away, even if our naked eyes cannot see those passcodes or anything on the touch screen. The basic idea is to track the movement of the fingertip and use the fingertip's relative position on the touch screen to recognize the touch input. We carefully analyze the shadow formation around the fingertip, apply the optical flow, deformable part-based model (DPM) object detector, k-means clustering and other computer vision techniques to automatically track the touching fingertip and locate the touched points. Planar homography is then applied to map the estimated touched points to a software keyboard in a reference image. Our work is substantially different from related work on blind recognition of touch inputs. We target passcodes where no language model can be applied to correct estimated touched keys. We are interested in scenarios such as conferences and similar gathering places where a Google Glass, webcam, or smartphone can be used for a stealthy attack. Extensive experiments were performed to demonstrate the impact of this attack. As a countermeasure, we design a context aware Privacy Enhancing Keyboard (PEK) which pops up a randomized keyboard on Android systems for sensitive information such as password inputs and shows a conventional QWERTY keyboard for normal inputs.

报告人简介：

付新文博士是马萨诸塞大学洛厄尔分校(University of Massachusetts Lowell)计算机系副教授，网络取证中心主任。他于1995年在中国西安交通大学获得电子工程学士学位，1998年在中国科技大学获得电子工程硕士学位，2005年在美国德克萨斯A&M大学获得计算机工程博士学位。他的主要研究方向为网络安全与隐私，数字取证，信息保障，系统可靠性与网络QoS，无线网络。付新文博士在2008年由于在北达科他州立大学杰出的科研工作他获得了Merrill Hunter Award。他在IEEE ICC 2008，2013和WASA 2013获得最佳论文奖，在2011年获得马萨诸塞大学洛厄尔分校计算机系教学奖，同年他指导的博士生在ACM MobiCom获得ACM 研究生研究竞赛的银牌。付新文教授已在安全学术会议和期刊发表了100余篇研究论文，其中在IEEE S&P (Oakland)，ACM CCS，ACM Mobihoc，IEEE INFOCOM以及ICDCS等国际顶级会议以及 ACM/IEEE Transactions on Networking (ToN)，IEEE Transactions on Parallel and Distributed Systems (TPDS)，IEEE Transactions on Computers (TC)，IEEE Transaction on Mobile Computing (TMC)，IEEE Transactions on Vehicular Technology (TVT)等国际期刊上发表论文数十篇。他撰写网络流量分析书籍1本，参与撰写相关网络安全书籍5本。他在各种知名技术安全会议上发表演讲，包括Black Hat。在2005-2014年期间他的研究工作获得了10余个项目资助，其中得到了美国NSF 130余万美元项目的资助。付新文教授是ACM、IEEE会员，担任IEEE TrustCom2010，Globecom2011国际会议程序委员会副主席，ICNC2015安全分会程序委员会主席和IEEE INFOCOM、IEEE ICDCS、SecureComm和DFRWS国际会议的程序委员会委员。

计算机网络和信息集成教育部重点实验室（东南大学）