Commit

experiments
zwang4 committed Jun 30, 2017
1 parent 0f889ea commit 494dcdf
Showing 4 changed files with 62 additions and 38 deletions.
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -245,3 +245,4 @@ TSWLatexianTemp*

TIFS.pdf
TIFS.pdf
TIFS.pdf
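Review bot: the added `TIFS.pdf` entry looks redundant, since the hunk already shows `TIFS.pdf` on the adjacent lines; one entry is enough to ignore the build output, so the duplicates can be collapsed to a single line. Removing the tracked binary in the same commit is consistent with ignoring it.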
Binary file removed TIFS.pdf
Binary file not shown.
10 changes: 5 additions & 5 deletions TIFS.tex
Expand Up @@ -8,8 +8,8 @@
\author{Guixin Ye, Zhanyong Tang, Dingyi Fang, Xiaojiang Chen,
Willy Wolff, Adam J. Aviv and Zheng Wang

\thanks{G. Ye, Z. Tang, D. Fang, and X. Chen are with Northwest University, China, E-mails: [email protected], {zytang, dyf, xjchen}@nwu.edu.cn }%
\thanks{Willy Wolf and Zheng Wang are with Lancaster University, U.K., E-mails: {w.wolff, z.wang}@lancaster.ac.uk}%
\thanks{G. Ye, Z. Tang, D. Fang, and X. Chen are with Northwest University, China, E-mails: [email protected], \{zytang, dyf, xjchen\}@nwu.edu.cn }%
\thanks{Willy Wolf and Zheng Wang are with Lancaster University, U.K., E-mails: \{w.wolff, z.wang\}@lancaster.ac.uk}%
\thanks{Adam J. Aviv is with Naval Academy, U.S.A., E-mail: [email protected]}

\thanks{
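Review bot: in the second changed `\thanks` line the name reads "Willy Wolf", while the `\author` block above has "Willy Wolff" and the e-mail is `w.wolff`; fix the spelling while this line is being edited. Escaping the braces as `\{ ... \}` is the right change, since unescaped braces are grouping characters in LaTeX and are not printed.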
Expand All @@ -20,12 +20,12 @@
paper, providing new insights to the original paper:

(1) It provides new evaluations to understand the impact of the screen size and the camera model on the success of the attack (section~\ref{section: screen-size and cameras});

(2) It extends the attacking method to break PIN-based passwords, demonstrating the applicability of the attack on PIN-based passwords (section~\ref{section: attacking-pin-passwords});

(3) It includes a limited study to evaluate the effectiveness of the attack, where the video footage only captures the fingertip (section~\ref{section: limited-study});
(4) It evaluates the security strength of patterns using an alternative security strength metric (section~\ref{sec:eval_gussingp});

(4) It evaluates the security strength of patterns using an alternative security metric (section~\ref{sec:eval_gussingp});

(5) It proposes a simple, yet effective countermeasure. By making some small modifications to the way a pattern lock is generated, the success rate of the attack will drop significantly (section~\ref{section: potential-remedy});

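Review bot: item (4) points at `\ref{sec:eval_gussingp}`, whose label misspells "guessing" and uses a `sec:` prefix where the other four items use `section: ...`; since that subsubsection is being moved in evaluation.tex in this same commit, this is a good moment to rename the label consistently in both files. Item (5) also ends the list with a semicolon rather than a full stop.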
89 changes: 56 additions & 33 deletions evaluation.tex
Expand Up @@ -105,10 +105,60 @@ \section{Experimental Results}
\begin{figure}[!t]
\centering
\includegraphics[width=0.5\textwidth]{fig/usibility_crackingNum.pdf}
\caption{The attacking success rate when grouping patterns using the guessing probability calculated by Equation~\ref{equ:guessing_number}.}
\caption{The attacking success rate when grouping patterns based on how likely a pattern will be used.
The likelihood is calculate using Equation~\ref{equ:guessing_number}.
\FIXME{Change the ``Guessing probability of pattern locks" to ``Likelihood of patterns to be used".}}
\label{fig:usage-crackingNum}
\end{figure}



\subsubsection{Evaluation using alternative security metric}
\label{sec:eval_gussingp}
In addition to using the complexity metric defined by Equation~\ref{equ:compscore}, we also evaluate our attack
based on how likely a pattern will be used by users.
For this purpose, we use
the guessing probability proposed in~\cite{Heidt2016Refining}. This metric
measures the pattern's strength by considering how likely a pattern is to be guessed. The guessing probability
is the likelihood estimation from the hidden Markov model trained on collected, real-world
data~\cite{uellenbeck2013quantifying}. The larger the likelihood, the more likely the pattern would have been
selected by a user.

%Intuitively, if an attacker is to guess the pattern, he would start from a candidate pattern with the
%largest guessing probability (because that pattern is most likely to be used by users).
%Therefore, the probability can be use as a proxy for categorizing how frequent a pattern would be used by ordinary users.


To translate the guessing probability to a frequency score, we first sort all the 120 testing patterns used
in this experiment in descending order, based on their guessing probabilities. In this way, patterns with a
higher probability (i.e. more commonly used patterns) will appear before those with a lower probability (less commonly
used patterns). Next, we give each pattern a numeric number (i.e. \emph{the guessing number}), starting from 1 for
the first pattern, and we increase the number by 1 as we move down to next pattern on the sorted list. We then use the following
formulate to calculate the frequency score, $f_{P}$, of a pattern: $P$:

\begin{equation}
f_{P}=\log_{10} {G_P}
\label{equ:guessing_number}
\end{equation}
where $G_P$ is the guessing number of pattern $P$.


Using Equation~\ref{equ:guessing_number}, less commonly used patterns will have a low frequency score. With
this metric in place, we divide our 120 patterns collected from our participants into three categories:
\emph{low}, \emph{median} and \emph{high}. Patterns in the \emph{high} group are more likely to be used by users and patterns in the
\emph{low} group are less likely to be used daily. The high group has a value of less than 4.2, the median group
has a score between 4.2 and 5.1, and the low group must have a score greater than 5.1.
Using this partition strategy, each group has around 30 patterns.


Figure~\ref{fig:usage-crackingNum} illustrates the cracking success rate for different categories under
numbers of attempts. As can be seen from the diagram, the success rate with one attempt for the patterns
in the high group is 42.5\%. This success rate is lower than patterns in other groups. This is because that
the patterns in this group are simple and symmetry patterns, for which our tracking algorithm produces more
than one candidate pattern. This is in line with our observation using the complexity metric defined in
Equation~\ref{equ:compscore}. Nonetheless, our attack can successfully crack over 90\% of the pattern of
each group. This confirms that video-side channel is a real thread for Android locking pattern.

\begin{table}[!t]
\centering
\caption{Tracking precision vs filming distance}
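Review bot: the new text defines the guessing number $G_P$ as the rank (starting from 1) of a pattern among the 120 sorted test patterns, so $f_P=\log_{10} G_P$ cannot exceed $\log_{10} 120 \approx 2.08$, yet the group thresholds carried over from the old text are 4.2 and 5.1; either the thresholds or the definition of $G_P$ needs to change. In the same paragraph, "less commonly used patterns will have a low frequency score" contradicts the formula (a later rank gives a larger logarithm) and the statement that the high group has the smallest values, and three groups of "around 30 patterns" do not add up to 120. The caption still carries a `\FIXME` and "is calculate", and the body has "formulate", "a pattern: $P$:" and "a real thread" (threat), which should be cleaned up before this is merged.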
Expand All @@ -123,8 +173,8 @@ \section{Experimental Results}
\textbf{device edge} & 100\% & 99.4\% & 90.6\% & 69\% \\
\bottomrule
\end{tabular}
\end{table}
\end{table}

\begin{figure*}[!ht]
\centering
\subfigure{
Expand Down Expand Up @@ -157,34 +207,7 @@ \section{Experimental Results}

\caption{Tracked fingertip trajectories (user's perspective) for the pattern shown in (d) from a video filmed from a distance of 2m (a), 3m (b), and 3.5m (c) respectively away from the target device. The tracking quality decreases when the filming distance is greater than 3m. }
\label{fig:distance-show}
\end{figure*}

\subsubsection{Evaluation using other security metric}
\label{sec:eval_gussingp}
In addition to the complexity metric defined by Equation~\ref{equ:compscore}, we also evaluate our attack using
the guessing probability calculated by guessing number proposed in~\cite{Heidt2016Refining}. This metric measures the pattern’s strength by
considering how many guesses is required to guess the given pattern. The guessing number is calculated using
a Markov model built from real-world user data~\cite{uellenbeck2013quantifying}. Intuitively, it will take less
guesses to crack a more commonly used pattern. Therefore, this metric can be used as a proxy to estimate how
likely a pattern will be used. We quantify the guessing probability, $GP_{P}$, of a pattern, $P$, as follows:

\begin{equation}
GP_{P}=\log_{10} {G_P}
\label{equ:guessing_number}
\end{equation}
where $G_P$ is the guessing number of the pattern.

Using this metric, we divide our 120 patterns collected from our participants into three categories: low, median and
high. Patterns in the high group are more likely to be used by users and patterns in the low group are less likely to
be used daily. The high group has a value of less than 4.2, the median group has a score between 4.2 and 5.1, and the low group must have a score greater than 5.1. Figure~\ref{fig:usage-crackingNum} illustrates the cracking
success rate for different categories under numbers of attempts. As can be seen from the diagram, the success rate
with one attempt for the patterns in the high group is 42.5\%. This success rate is lower than patterns in other
groups. This is because that the patterns in this group are simple and symmetry patterns, for which our tracking
algorithm produces more than one candidate pattern. This is in line with our observation using the complexity metric
defined in Equation~\ref{equ:compscore}. Nonetheless, our attack can successfully crack over 90\% of the pattern of
each group. This confirms that video-side channel is a real thread for Android locking pattern.


\end{figure*}

\subsection{Impact of Filming Distances \label{sec:distances}}
\begin{figure}[t!]
Expand Down Expand Up @@ -221,7 +244,7 @@ \section{Experimental Results}
2.5 meters. Such a distance allows an attacker to
record the video without raising suspicions in many day-to-day scenarios (some of these are
depicted in Figure~\ref{fig:fig1}).

\begin{figure}[t!]
\centering
\vspace{0.6cm}
Expand Down Expand Up @@ -349,7 +372,7 @@ \section{Experimental Results}
\bottomrule
\end{tabular}
\end{table}


\begin{table}[!t]
\centering
