Cashtags: Protecting the Input and Displays of Sensitive DataGrants: NSF grants CNS-1065127, IIA-1358147, and FSU Research Foundation
PIs: An-I Andy Wang, Florida State University Michael Mitchell, Florida State University Peter Reiher, University of California, Los Angeles
Past contributers: Ratnesh Patidar, Manik Saini, Parteek Singh, Florida State University
Mobile computing is the new norm. As people feel increasingly comfortable computing in public places such as coffee shops and transportation hubs, the threat of exposing sensitive information increases. While solutions exist to guard the communication channels used by mobile devices, the visual channel remains largely open. Shoulder surfing is becoming a viable threat in a world where users are often surrounded by high-power cameras, and sensitive information can be extracted from images using only modest computing power.
In response, we present Cashtags: a system to defend against attacks on mobile devices based on visual observations. The system allows users to safely access pieces of sensitive information in public by intercepting and replacing sensitive data elements with non-sensitive data elements before they are displayed on the screen. In addition, the system provides a means of computing with sensitive data in a non-observable way, while maintaining full functionality and legacy compatibility across applications.
Figure 1: On-screen sensitive data (left) and data protected by masking with cashtag aliases (right). Figure 2: Display data paths for the Android platform.
- Michael Mitchell, An-I Andy Wang, and Peter Reiher. Cashtags: Protecting Input and Displays of Sensitive Data, Proceedings of the 24th USENIX Security Symposium, August 2015. [16 pages, 16% acceptance rate] Supersedes Technical Report TR-141209, Department of Computer Science, Florida State University, December 2014.
- Michael Mitchell, An-I Andy Wang, Peter Reiher, Ratnesh Patidar, Manik Saini, and Parteek Singh. Mobile Usage Patterns and Privacy Implications, Proceedings of the IEEE 2015 International Workshop on the Impact of Human Mobility in Pervasive Systems and Applications (PerMoby), March 2015. Supersedes Technical Report TR-131104, Department of Computer Science, Florida State University, November 2013.
Michael Mitchell. Cashtags: Protecting Input and Display of Sensitive Data (preview, slides, defense). Presented at the 24th USENIX Security Symposium, Washington, D. C., August 14, 2015.
Michael Mitchell. Mobile Usage Patterns and Privacy Implications. Presented at the IEEE 2015 International Workshop on the Impact of Human Mobility in Pervasive Systems and Applications (PerMoby), St. Louis, Missouri, March 27, 2015.
Michael Mitchell. You are being watched! Protect your personal data with $cashtags. Presented at the FSU Fall Three-Minute Thesis Contest, Tallahassee Florida, 2014.
Kate Mueller. Neuroscience Student Wins Timed Thesis Competition. Florida State 24/7, November 19, 2014.
This material is based upon work supported by the National Science Foundation under grant no. CNS-1065127. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation, US Department of Education, the Philanthropic Education Organization, or the FSU Research Foundation.
Last modified: June 23, 2015