DeepAI AI Chat
Log In Sign Up

IntegriScreen: Visually Supervising Remote User Interactions on Compromised Clients

by   Ivo Sluganovic, et al.

Remote services and applications that users access via their local clients (laptops or desktops) usually assume that, following a successful user authentication at the beginning of the session, all subsequent communication reflects the user's intent. However, this is not true if the adversary gains control of the client and can therefore manipulate what the user sees and what is sent to the remote server. To protect the user's communication with the remote server despite a potentially compromised local client, we propose the concept of continuous visual supervision by a second device equipped with a camera. Motivated by the rapid increase of the number of incoming devices with front-facing cameras, such as augmented reality headsets and smart home assistants, we build upon the core idea that the user's actual intended input is what is shown on the client's screen, despite what ends up being sent to the remote server. A statically positioned camera enabled device can, therefore, continuously analyze the client's screen to enforce that the client behaves honestly despite potentially being malicious. We evaluate the present-day feasibility and deployability of this concept by developing a fully functional prototype, running a host of experimental tests on three different mobile devices, and by conducting a user study in which we analyze participants' use of the system during various simulated attacks. Experimental evaluation indeed confirms the feasibility of the concept of visual supervision, given that the system consistently detects over 98 evaluated attacks, while study participants with little instruction detect the remaining attacks with high probability.


page 6

page 9


Feasibility of Corneal Imaging for Handheld Augmented Reality

Smartphones are a popular device class for mobile Augmented Reality but ...

Client-Server Sessions in Linear Logic

We introduce coexponentials, a new set of modalities for Classical Linea...

Shielding Collaborative Learning: Mitigating Poisoning Attacks through Client-Side Detection

Collaborative learning allows multiple clients to train a joint model wi...

Formal Methods Analysis of the Secure Remote Password Protocol

We analyze the Secure Remote Password (SRP) protocol for structural weak...

TOPCAT Visualisation over the Web

The desktop GUI catalogue analysis tool TOPCAT, and its command-line cou...

Real-time Speech Interruption Analysis: From Cloud to Client Deployment

Meetings are an essential form of communication for all types of organiz...

Revisiting Client Puzzles for State Exhaustion Attacks Resilience

In this paper, we address the challenges facing the adoption of client p...