http://dx.doi.org/10.13089/JKIISC.2022.32.2.227

Side-Channel Attack of Android Pattern Screen Lock Exploiting Cache-Coherent Interface in ARM Processors  

Kim, Youngpil (Incheon National University)
Lee, Kyungwoon (Kyungpook National University)
Yoo, Seehwan (Dankook University)
Yoo, Chuck (Korea University)
Abstract
This paper presents a Cache-Coherency Interconnect (CCI)-based attack on the Android pattern screen lock (PSL) on modern ARM processors. CCI was introduced to maintain cache coherency between the big core cluster and the little core cluster. That is, CCI is the central interconnect inside the SoC that maintains cache coherency and shares data. In this paper, we reveal that CCI can be a side channel through which an adversary can observe security-sensitive operations. We design and implement a technique to compromise Android PSL within only a few attempts using CCI information in user-level applications on Android Nougat. Further, we analyze the relationship between pattern complexity and security. Our evaluation results show that complex and simple patterns would have similar security strengths against the proposed technique.
Keywords
Pattern screen lock; Cache-coherency interconnect; Side channel attack;