Are Thermal Attacks a Realistic Threat? Investigating the Preconditions of Thermal Attacks in Users' Daily Lives

Research output: Chapter in book/report/conference proceedingConference contributionResearchpeer review

Authors

  • Paul Bekaert
  • Norah Alotaibi
  • Florian Mathis
  • Nina Gerber
  • Aidan Christopher Rafferty
  • Mohamed Khamis
  • Karola Marky

Research Organisations

External Research Organisations

  • University of Glasgow
  • University of Edinburgh
  • Technische Universität Darmstadt
View graph of relations

Details

Original languageEnglish
Title of host publicationParticipative Computing for Sustainable Futures - Proceedings of the 12th Nordic Conference on Human-Computer Interaction, NordiCHI 2022
PublisherAssociation for Computing Machinery (ACM)
ISBN (electronic)9781450396998
Publication statusPublished - 8 Oct 2022
Event12th Nordic Conference on Human-Computer Interaction: Participative Computing for Sustainable Futures, NordiCHI 2022 - Aarhus, Denmark
Duration: 8 Oct 202212 Oct 2022

Publication series

NameACM International Conference Proceeding Series

Abstract

Thermal attacks refer to the possibility of capturing heat traces that result from interacting with user interfaces to reveal sensitive input, such as passwords. The technical feasibility and effectiveness of thermal attacks have already been demonstrated. Yet, several preconditions have to be met for successful thermal attacks. In this paper, we investigate user awareness of thermal attacks and to which extent the attack's preconditions are met in the users' daily lives. We present results from an online study with 101 participants showing that users are frequently at risk of thermal attacks based on their behavior, e.g., due to leaving devices unattended, or their choice of authentication method. Further, only 7 of our 101 participants had heard of thermal attacks. Based on our results, we discuss the implications on user security, operators of public spaces, and the development of thermal attack-resistant input methods.

Keywords

    side-channel attacks, thermal attacks, usable privacy, usable security

ASJC Scopus subject areas

Cite this

Are Thermal Attacks a Realistic Threat? Investigating the Preconditions of Thermal Attacks in Users' Daily Lives. / Bekaert, Paul; Alotaibi, Norah; Mathis, Florian et al.
Participative Computing for Sustainable Futures - Proceedings of the 12th Nordic Conference on Human-Computer Interaction, NordiCHI 2022. Association for Computing Machinery (ACM), 2022. 3546706 (ACM International Conference Proceeding Series).

Research output: Chapter in book/report/conference proceedingConference contributionResearchpeer review

Bekaert, P, Alotaibi, N, Mathis, F, Gerber, N, Rafferty, AC, Khamis, M & Marky, K 2022, Are Thermal Attacks a Realistic Threat? Investigating the Preconditions of Thermal Attacks in Users' Daily Lives. in Participative Computing for Sustainable Futures - Proceedings of the 12th Nordic Conference on Human-Computer Interaction, NordiCHI 2022., 3546706, ACM International Conference Proceeding Series, Association for Computing Machinery (ACM), 12th Nordic Conference on Human-Computer Interaction: Participative Computing for Sustainable Futures, NordiCHI 2022, Aarhus, Denmark, 8 Oct 2022. https://doi.org/10.1145/3546155.3546706
Bekaert, P., Alotaibi, N., Mathis, F., Gerber, N., Rafferty, A. C., Khamis, M., & Marky, K. (2022). Are Thermal Attacks a Realistic Threat? Investigating the Preconditions of Thermal Attacks in Users' Daily Lives. In Participative Computing for Sustainable Futures - Proceedings of the 12th Nordic Conference on Human-Computer Interaction, NordiCHI 2022 Article 3546706 (ACM International Conference Proceeding Series). Association for Computing Machinery (ACM). https://doi.org/10.1145/3546155.3546706
Bekaert P, Alotaibi N, Mathis F, Gerber N, Rafferty AC, Khamis M et al. Are Thermal Attacks a Realistic Threat? Investigating the Preconditions of Thermal Attacks in Users' Daily Lives. In Participative Computing for Sustainable Futures - Proceedings of the 12th Nordic Conference on Human-Computer Interaction, NordiCHI 2022. Association for Computing Machinery (ACM). 2022. 3546706. (ACM International Conference Proceeding Series). doi: 10.1145/3546155.3546706
Bekaert, Paul ; Alotaibi, Norah ; Mathis, Florian et al. / Are Thermal Attacks a Realistic Threat? Investigating the Preconditions of Thermal Attacks in Users' Daily Lives. Participative Computing for Sustainable Futures - Proceedings of the 12th Nordic Conference on Human-Computer Interaction, NordiCHI 2022. Association for Computing Machinery (ACM), 2022. (ACM International Conference Proceeding Series).
Download
@inproceedings{c332c814a31847b7810e92aa6f404b78,
title = "Are Thermal Attacks a Realistic Threat? Investigating the Preconditions of Thermal Attacks in Users' Daily Lives",
abstract = "Thermal attacks refer to the possibility of capturing heat traces that result from interacting with user interfaces to reveal sensitive input, such as passwords. The technical feasibility and effectiveness of thermal attacks have already been demonstrated. Yet, several preconditions have to be met for successful thermal attacks. In this paper, we investigate user awareness of thermal attacks and to which extent the attack's preconditions are met in the users' daily lives. We present results from an online study with 101 participants showing that users are frequently at risk of thermal attacks based on their behavior, e.g., due to leaving devices unattended, or their choice of authentication method. Further, only 7 of our 101 participants had heard of thermal attacks. Based on our results, we discuss the implications on user security, operators of public spaces, and the development of thermal attack-resistant input methods.",
keywords = "side-channel attacks, thermal attacks, usable privacy, usable security",
author = "Paul Bekaert and Norah Alotaibi and Florian Mathis and Nina Gerber and Rafferty, {Aidan Christopher} and Mohamed Khamis and Karola Marky",
note = "Funding Information: This work was supported by the University of Edinburgh and the University of Glasgow jointly funded PhD studentships, by an EPSRC New Investigator award (EP/V008870/1) and by the PE-TRAS National Centre of Excellence for IoT Systems Cybersecurity, which has been funded by the UK EPSRC under grant number EP/S035362/1.; 12th Nordic Conference on Human-Computer Interaction: Participative Computing for Sustainable Futures, NordiCHI 2022 ; Conference date: 08-10-2022 Through 12-10-2022",
year = "2022",
month = oct,
day = "8",
doi = "10.1145/3546155.3546706",
language = "English",
series = "ACM International Conference Proceeding Series",
publisher = "Association for Computing Machinery (ACM)",
booktitle = "Participative Computing for Sustainable Futures - Proceedings of the 12th Nordic Conference on Human-Computer Interaction, NordiCHI 2022",
address = "United States",

}

Download

TY - GEN

T1 - Are Thermal Attacks a Realistic Threat? Investigating the Preconditions of Thermal Attacks in Users' Daily Lives

AU - Bekaert, Paul

AU - Alotaibi, Norah

AU - Mathis, Florian

AU - Gerber, Nina

AU - Rafferty, Aidan Christopher

AU - Khamis, Mohamed

AU - Marky, Karola

N1 - Funding Information: This work was supported by the University of Edinburgh and the University of Glasgow jointly funded PhD studentships, by an EPSRC New Investigator award (EP/V008870/1) and by the PE-TRAS National Centre of Excellence for IoT Systems Cybersecurity, which has been funded by the UK EPSRC under grant number EP/S035362/1.

PY - 2022/10/8

Y1 - 2022/10/8

N2 - Thermal attacks refer to the possibility of capturing heat traces that result from interacting with user interfaces to reveal sensitive input, such as passwords. The technical feasibility and effectiveness of thermal attacks have already been demonstrated. Yet, several preconditions have to be met for successful thermal attacks. In this paper, we investigate user awareness of thermal attacks and to which extent the attack's preconditions are met in the users' daily lives. We present results from an online study with 101 participants showing that users are frequently at risk of thermal attacks based on their behavior, e.g., due to leaving devices unattended, or their choice of authentication method. Further, only 7 of our 101 participants had heard of thermal attacks. Based on our results, we discuss the implications on user security, operators of public spaces, and the development of thermal attack-resistant input methods.

AB - Thermal attacks refer to the possibility of capturing heat traces that result from interacting with user interfaces to reveal sensitive input, such as passwords. The technical feasibility and effectiveness of thermal attacks have already been demonstrated. Yet, several preconditions have to be met for successful thermal attacks. In this paper, we investigate user awareness of thermal attacks and to which extent the attack's preconditions are met in the users' daily lives. We present results from an online study with 101 participants showing that users are frequently at risk of thermal attacks based on their behavior, e.g., due to leaving devices unattended, or their choice of authentication method. Further, only 7 of our 101 participants had heard of thermal attacks. Based on our results, we discuss the implications on user security, operators of public spaces, and the development of thermal attack-resistant input methods.

KW - side-channel attacks

KW - thermal attacks

KW - usable privacy

KW - usable security

UR - http://www.scopus.com/inward/record.url?scp=85140900903&partnerID=8YFLogxK

U2 - 10.1145/3546155.3546706

DO - 10.1145/3546155.3546706

M3 - Conference contribution

AN - SCOPUS:85140900903

T3 - ACM International Conference Proceeding Series

BT - Participative Computing for Sustainable Futures - Proceedings of the 12th Nordic Conference on Human-Computer Interaction, NordiCHI 2022

PB - Association for Computing Machinery (ACM)

T2 - 12th Nordic Conference on Human-Computer Interaction: Participative Computing for Sustainable Futures, NordiCHI 2022

Y2 - 8 October 2022 through 12 October 2022

ER -