Towards identifying and preventing behavioral side channel attack on recording attack resilient unaided authentication services

摘要

Side channel attacks, based on the human behavior, have not received much attention in the domain of recording attack resilient unaided authentication services (RARUAS) that purely rely on human visual perception but not on hidden auxiliary channels. In this paper, for the first time, we have made an extensive analysis to show - how human behavior during the login can weaken the claimed security standard of RARUAS. We identify this threat as behavioral side channel attack. To make situation more alarming, our investigation revealed that the identified threat model is capable of reducing the claimed session resiliency of any RARUAS by a significant extent. For dealing with this threat model, the latter part of our proposal introduces a novel defense strategy that reduces attackers' efficiency and improves the session resiliency. The subsequent study indicates that by nature of its design, the pro- posed defense strategy does not make any significant impact on the usability standard. To validate our claims, we have made a thorough experimental study to show that the pro- posed defense strategy is truly deployable in practice for improving the situation against the behavioral side channel attack. (C) 2019 Elsevier Ltd. All rights reserved.