Final published version
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
}
TY - GEN
T1 - In the Quest to Protect Users from Side-Channel Attacks - A User-Centred Design Space to Mitigate Thermal Attacks on Public Payment Terminals.
AU - Marky, Karola
AU - Macdonald, Shaun Alexander
AU - Abdrabou, Yasmeen
AU - Khamis, Mohamed
PY - 2023/9/11
Y1 - 2023/9/11
N2 - Thermal attacks are an emerging threat that enables the reconstruction of user input after interaction with a device by analysing heat traces. There are several ways to protect users from thermal attacks that require different degrees of user involvement. In this paper, we first present a structured literature review to identify 15 protection strategies. Then, we investigate user perceptions of these strategies in an online study (N = 306). Our results show that users intuitively use protection strategies that also work against other side-channel attacks. Further, users are willing to sacrifice convenience for the sake of verifying a strategy's efficacy. Yet, an ideal holistic defence from thermal attacks is one that is readily integrated into user interfaces by manufacturers in a way that the user can verify it. Further, users like resourceless strategies that fit their habits. We use the literature review and study results to identify a user-centred design space for thermal attack protection. We conclude the paper with specific recommendations for users, device manufacturers and interface providers to better protect individuals from thermal attacks.
AB - Thermal attacks are an emerging threat that enables the reconstruction of user input after interaction with a device by analysing heat traces. There are several ways to protect users from thermal attacks that require different degrees of user involvement. In this paper, we first present a structured literature review to identify 15 protection strategies. Then, we investigate user perceptions of these strategies in an online study (N = 306). Our results show that users intuitively use protection strategies that also work against other side-channel attacks. Further, users are willing to sacrifice convenience for the sake of verifying a strategy's efficacy. Yet, an ideal holistic defence from thermal attacks is one that is readily integrated into user interfaces by manufacturers in a way that the user can verify it. Further, users like resourceless strategies that fit their habits. We use the literature review and study results to identify a user-centred design space for thermal attack protection. We conclude the paper with specific recommendations for users, device manufacturers and interface providers to better protect individuals from thermal attacks.
M3 - Conference contribution/Paper
T3 - 32nd USENIX Security Symposium, USENIX Security 2023
SP - 5235
EP - 5252
BT - 32nd USENIX Security Symposium, USENIX Security 2023
PB - USENIX Association
ER -