SecTap: Secure Back Of Device Input System For Mobile Devices

Zhen Ling Southeast University, P.R. China
Luo Junzhou Southeast University, P.R. China
Yaowen Liu Southeast University, P.R. China
Ming Yang Southeast University, P.R. China
Kui Wu University of Victoria, Canada
Xinwen Fu University of Central Florida, USA


Smart mobile devices have become an integral part of people's life and users often input sensitive information on these devices. However, various side channel attacks against mobile devices pose a plethora of serious threats against user security and privacy. To mitigate these attacks, we present a novel secure Back-of-Device (BoD) input system, SecTap, for mobile devices. To use SecTap, a user tilts her mobile device to move a cursor on the keyboard and tap the back of the device to secretly input data. We design a tap detection method by processing the stream of accelerometer readings to identify the user's taps in real time. The orientation sensor of the mobile device is used to control the direction and the speed of cursor movement. We also propose an obfuscation technique to randomly and effectively accelerate the cursor movement. This technique not only preserves the input performance but also keeps the adversary from inferring the tapped keys. Extensive empirical experiments were conducted on different smart phones to demonstrate the usability and security on both Android and iOS platforms.

You may want to know: