{"id":"https://openalex.org/W2963215340","doi":"https://doi.org/10.3233/jcs-191289","title":"<i>PILOT</i> : Password and PIN information leakage from obfuscated typing videos","display_name":"<i>PILOT</i> : Password and PIN information leakage from obfuscated typing videos","publication_year":2019,"publication_date":"2019-06-06","ids":{"openalex":"https://openalex.org/W2963215340","doi":"https://doi.org/10.3233/jcs-191289","mag":"2963215340"},"language":"en","primary_location":{"id":"doi:10.3233/jcs-191289","is_oa":false,"landing_page_url":"https://doi.org/10.3233/jcs-191289","pdf_url":null,"source":{"id":"https://openalex.org/S106992369","display_name":"Journal of Computer Security","issn_l":"0926-227X","issn":["0926-227X","1875-8924"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310318577","host_organization_name":"IOS Press","host_organization_lineage":["https://openalex.org/P4310318577"],"host_organization_lineage_names":["IOS Press"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Computer Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5053461285","display_name":"Kiran S. Balagani","orcid":"https://orcid.org/0000-0002-7152-2936"},"institutions":[{"id":"https://openalex.org/I4210104314","display_name":"New York Institute of Technology","ror":"https://ror.org/01bghzb51","country_code":"US","type":"education","lineage":["https://openalex.org/I4210104314"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Kiran Balagani","raw_affiliation_strings":["New York Institute of Technology, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"New York Institute of Technology, USA","institution_ids":["https://openalex.org/I4210104314"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5050370344","display_name":"Matteo Cardaioli","orcid":null},"institutions":[{"id":"https://openalex.org/I138689650","display_name":"University of Padua","ror":"https://ror.org/00240q980","country_code":"IT","type":"education","lineage":["https://openalex.org/I138689650"]}],"countries":["IT"],"is_corresponding":true,"raw_author_name":"Matteo Cardaioli","raw_affiliation_strings":["GFT Italy, Italy","University of Padua, Italy"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"GFT Italy, Italy","institution_ids":[]},{"raw_affiliation_string":"University of Padua, Italy","institution_ids":["https://openalex.org/I138689650"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5063847107","display_name":"Mauro Conti","orcid":"https://orcid.org/0000-0002-3612-1934"},"institutions":[{"id":"https://openalex.org/I138689650","display_name":"University of Padua","ror":"https://ror.org/00240q980","country_code":"IT","type":"education","lineage":["https://openalex.org/I138689650"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Mauro Conti","raw_affiliation_strings":["University of Padua, Italy"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Padua, Italy","institution_ids":["https://openalex.org/I138689650"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5033645370","display_name":"Paolo Gasti","orcid":"https://orcid.org/0000-0001-7810-3614"},"institutions":[{"id":"https://openalex.org/I4210104314","display_name":"New York Institute of Technology","ror":"https://ror.org/01bghzb51","country_code":"US","type":"education","lineage":["https://openalex.org/I4210104314"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Paolo Gasti","raw_affiliation_strings":["New York Institute of Technology, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"New York Institute of Technology, USA","institution_ids":["https://openalex.org/I4210104314"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5060799238","display_name":"Martin Georgiev","orcid":"https://orcid.org/0000-0002-5558-6497"},"institutions":[{"id":"https://openalex.org/I204250578","display_name":"University of California, Irvine","ror":"https://ror.org/04gyf1771","country_code":"US","type":"education","lineage":["https://openalex.org/I204250578"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Martin Georgiev","raw_affiliation_strings":["University of California, Irvine, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of California, Irvine, USA","institution_ids":["https://openalex.org/I204250578"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5029370033","display_name":"Tristan Gurtler","orcid":null},"institutions":[{"id":"https://openalex.org/I4210104314","display_name":"New York Institute of Technology","ror":"https://ror.org/01bghzb51","country_code":"US","type":"education","lineage":["https://openalex.org/I4210104314"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Tristan Gurtler","raw_affiliation_strings":["New York Institute of Technology, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"New York Institute of Technology, USA","institution_ids":["https://openalex.org/I4210104314"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5031443144","display_name":"Daniele Lain","orcid":"https://orcid.org/0000-0001-6101-7306"},"institutions":[{"id":"https://openalex.org/I138689650","display_name":"University of Padua","ror":"https://ror.org/00240q980","country_code":"IT","type":"education","lineage":["https://openalex.org/I138689650"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Daniele Lain","raw_affiliation_strings":["University of Padua, Italy"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Padua, Italy","institution_ids":["https://openalex.org/I138689650"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5019447795","display_name":"Charissa Miller","orcid":null},"institutions":[{"id":"https://openalex.org/I4210104314","display_name":"New York Institute of Technology","ror":"https://ror.org/01bghzb51","country_code":"US","type":"education","lineage":["https://openalex.org/I4210104314"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Charissa Miller","raw_affiliation_strings":["New York Institute of Technology, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"New York Institute of Technology, USA","institution_ids":["https://openalex.org/I4210104314"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5077578368","display_name":"Kendall Molas","orcid":null},"institutions":[{"id":"https://openalex.org/I4210104314","display_name":"New York Institute of Technology","ror":"https://ror.org/01bghzb51","country_code":"US","type":"education","lineage":["https://openalex.org/I4210104314"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Kendall Molas","raw_affiliation_strings":["New York Institute of Technology, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"New York Institute of Technology, USA","institution_ids":["https://openalex.org/I4210104314"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5031972170","display_name":"Nikita Samarin","orcid":"https://orcid.org/0000-0001-7595-1079"},"institutions":[{"id":"https://openalex.org/I4210104314","display_name":"New York Institute of Technology","ror":"https://ror.org/01bghzb51","country_code":"US","type":"education","lineage":["https://openalex.org/I4210104314"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Nikita Samarin","raw_affiliation_strings":["New York Institute of Technology, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"New York Institute of Technology, USA","institution_ids":["https://openalex.org/I4210104314"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5065444629","display_name":"Eugen Saraci","orcid":null},"institutions":[{"id":"https://openalex.org/I138689650","display_name":"University of Padua","ror":"https://ror.org/00240q980","country_code":"IT","type":"education","lineage":["https://openalex.org/I138689650"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Eugen Saraci","raw_affiliation_strings":["University of Padua, Italy"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Padua, Italy","institution_ids":["https://openalex.org/I138689650"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5009882362","display_name":"Gene Tsudik","orcid":"https://orcid.org/0000-0002-8467-8614"},"institutions":[{"id":"https://openalex.org/I204250578","display_name":"University of California, Irvine","ror":"https://ror.org/04gyf1771","country_code":"US","type":"education","lineage":["https://openalex.org/I204250578"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Gene Tsudik","raw_affiliation_strings":["University of California, Irvine, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of California, Irvine, USA","institution_ids":["https://openalex.org/I204250578"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5030027972","display_name":"Lynn Wu","orcid":"https://orcid.org/0000-0001-8840-9318"},"institutions":[{"id":"https://openalex.org/I4210104314","display_name":"New York Institute of Technology","ror":"https://ror.org/01bghzb51","country_code":"US","type":"education","lineage":["https://openalex.org/I4210104314"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Lynn Wu","raw_affiliation_strings":["New York Institute of Technology, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"New York Institute of Technology, USA","institution_ids":["https://openalex.org/I4210104314"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":13,"corresponding_author_ids":["https://openalex.org/A5050370344"],"corresponding_institution_ids":["https://openalex.org/I138689650"],"apc_list":null,"apc_paid":null,"fwci":3.1734,"has_fulltext":false,"cited_by_count":10,"citation_normalized_percentile":{"value":0.93078131,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":"27","issue":"4","first_page":"405","last_page":"425"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9743000268936157,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/password","display_name":"Password","score":0.9407204985618591},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7713152170181274},{"id":"https://openalex.org/keywords/keystroke-logging","display_name":"Keystroke logging","score":0.7071511745452881},{"id":"https://openalex.org/keywords/alphanumeric","display_name":"Alphanumeric","score":0.7008867859840393},{"id":"https://openalex.org/keywords/information-leakage","display_name":"Information leakage","score":0.655197262763977},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5716388821601868},{"id":"https://openalex.org/keywords/masking","display_name":"Masking (illustration)","score":0.5213935971260071},{"id":"https://openalex.org/keywords/password-strength","display_name":"Password strength","score":0.5150982737541199},{"id":"https://openalex.org/keywords/password-cracking","display_name":"Password cracking","score":0.5091184973716736},{"id":"https://openalex.org/keywords/cognitive-password","display_name":"Cognitive password","score":0.4765078127384186},{"id":"https://openalex.org/keywords/leakage","display_name":"Leakage (economics)","score":0.45983192324638367},{"id":"https://openalex.org/keywords/keystroke-dynamics","display_name":"Keystroke dynamics","score":0.42306458950042725},{"id":"https://openalex.org/keywords/one-time-password","display_name":"One-time password","score":0.26369935274124146},{"id":"https://openalex.org/keywords/s/key","display_name":"S/KEY","score":0.21174564957618713},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.11771523952484131}],"concepts":[{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.9407204985618591},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7713152170181274},{"id":"https://openalex.org/C161615301","wikidata":"https://www.wikidata.org/wiki/Q309396","display_name":"Keystroke logging","level":2,"score":0.7071511745452881},{"id":"https://openalex.org/C2781003394","wikidata":"https://www.wikidata.org/wiki/Q737372","display_name":"Alphanumeric","level":2,"score":0.7008867859840393},{"id":"https://openalex.org/C2779201187","wikidata":"https://www.wikidata.org/wiki/Q2775060","display_name":"Information leakage","level":2,"score":0.655197262763977},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5716388821601868},{"id":"https://openalex.org/C2777402240","wikidata":"https://www.wikidata.org/wiki/Q6783436","display_name":"Masking (illustration)","level":2,"score":0.5213935971260071},{"id":"https://openalex.org/C70530487","wikidata":"https://www.wikidata.org/wiki/Q1990841","display_name":"Password strength","level":4,"score":0.5150982737541199},{"id":"https://openalex.org/C3847113","wikidata":"https://www.wikidata.org/wiki/Q2746524","display_name":"Password cracking","level":5,"score":0.5091184973716736},{"id":"https://openalex.org/C23875713","wikidata":"https://www.wikidata.org/wiki/Q5141232","display_name":"Cognitive password","level":5,"score":0.4765078127384186},{"id":"https://openalex.org/C2777042071","wikidata":"https://www.wikidata.org/wiki/Q6509304","display_name":"Leakage (economics)","level":2,"score":0.45983192324638367},{"id":"https://openalex.org/C79540074","wikidata":"https://www.wikidata.org/wiki/Q3269465","display_name":"Keystroke dynamics","level":4,"score":0.42306458950042725},{"id":"https://openalex.org/C89479133","wikidata":"https://www.wikidata.org/wiki/Q1137840","display_name":"One-time password","level":3,"score":0.26369935274124146},{"id":"https://openalex.org/C4957475","wikidata":"https://www.wikidata.org/wiki/Q242186","display_name":"S/KEY","level":3,"score":0.21174564957618713},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.11771523952484131},{"id":"https://openalex.org/C139719470","wikidata":"https://www.wikidata.org/wiki/Q39680","display_name":"Macroeconomics","level":1,"score":0.0},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0},{"id":"https://openalex.org/C142362112","wikidata":"https://www.wikidata.org/wiki/Q735","display_name":"Art","level":0,"score":0.0},{"id":"https://openalex.org/C153349607","wikidata":"https://www.wikidata.org/wiki/Q36649","display_name":"Visual arts","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.3233/jcs-191289","is_oa":false,"landing_page_url":"https://doi.org/10.3233/jcs-191289","pdf_url":null,"source":{"id":"https://openalex.org/S106992369","display_name":"Journal of Computer Security","issn_l":"0926-227X","issn":["0926-227X","1875-8924"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310318577","host_organization_name":"IOS Press","host_organization_lineage":["https://openalex.org/P4310318577"],"host_organization_lineage_names":["IOS Press"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Computer Security","raw_type":"journal-article"},{"id":"pmh:oai:www.research.unipd.it:11577/3305760","is_oa":false,"landing_page_url":"http://hdl.handle.net/11577/3305760","pdf_url":null,"source":{"id":"https://openalex.org/S4377196283","display_name":"Research Padua  Archive (University of Padua)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I138689650","host_organization_name":"University of Padua","host_organization_lineage":["https://openalex.org/I138689650"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":28,"referenced_works":["https://openalex.org/W170161968","https://openalex.org/W1930624869","https://openalex.org/W1955645522","https://openalex.org/W1973132608","https://openalex.org/W1993164261","https://openalex.org/W2004333922","https://openalex.org/W2007488200","https://openalex.org/W2032227103","https://openalex.org/W2036455589","https://openalex.org/W2074367177","https://openalex.org/W2076501458","https://openalex.org/W2099244020","https://openalex.org/W2108525321","https://openalex.org/W2128025167","https://openalex.org/W2135032965","https://openalex.org/W2135359429","https://openalex.org/W2141666987","https://openalex.org/W2149359921","https://openalex.org/W2162003954","https://openalex.org/W2171920515","https://openalex.org/W2250366030","https://openalex.org/W2408661706","https://openalex.org/W2525572646","https://openalex.org/W2579193977","https://openalex.org/W2733765803","https://openalex.org/W2793573497","https://openalex.org/W2887483103","https://openalex.org/W6605925933"],"related_works":["https://openalex.org/W1982158666","https://openalex.org/W137322897","https://openalex.org/W3131491961","https://openalex.org/W2969720675","https://openalex.org/W2054626033","https://openalex.org/W2021087413","https://openalex.org/W2953105088","https://openalex.org/W3129147562","https://openalex.org/W2980143468","https://openalex.org/W2906808255"],"abstract_inverted_index":{"This":[0,165],"paper":[1],"studies":[2],"leakage":[3,94,188],"of":[4,12,23,60,159],"user":[5],"passwords":[6,111],"and":[7,41,128],"PINs":[8,161],"based":[9],"on":[10,15,70,124,140],"observations":[11],"typing":[13],"feedback":[14],"screens":[16],"or":[17,27,73],"from":[18,45,58],"projectors":[19],"in":[20,83,91,101,112,133,142,190],"the":[21,129,160,186],"form":[22],"masked":[24],"characters":[25,63],"(\u2217":[26],"\u2219)":[28],"that":[29,179],"indicate":[30,88,178],"keystrokes.":[31],"To":[32],"this":[33,191],"end,":[34],"we":[35,152],"developed":[36],"an":[37,77],"attack":[38,53,85,130],"called":[39],"Password":[40],"Pin":[42],"Information":[43],"Leakage":[44],"Obfuscated":[46],"Typing":[47],"Videos":[48],"(":[49,145],"PILOT":[50,107,121],").":[51],"Our":[52,175],"extracts":[54],"inter-keystroke":[55,105],"timing":[56],"information":[57,187],"videos":[59],"password":[61,69,181],"masking":[62,182],"displayed":[64],"when":[65],"users":[66],"type":[67],"their":[68,74],"a":[71,168],"computer,":[72],"PIN":[75],"at":[76],"ATM.":[78],"We":[79],"conducted":[80],"several":[81],"experiments":[82],"various":[84],"scenarios.":[86],"Results":[87],"that,":[89],"while":[90],"some":[92],"cases":[93],"is":[95,98],"minor,":[96],"it":[97],"quite":[99],"substantial":[100],"others.":[102],"By":[103],"leveraging":[104],"timings,":[106],"recovers":[108],"8-character":[109],"alphanumeric":[110],"as":[113,115],"little":[114],"19":[116],"attempts.":[117,164],"When":[118],"guessing":[119,127],"PINs,":[120],"significantly":[122],"improved":[123],"both":[125],"random":[126,173],"strategy":[131],"adopted":[132],"our":[134],"prior":[135],"work":[136],"(In":[137],"European":[138],"Symposium":[139],"Research":[141],"Computer":[143],"Security":[144],"2018":[146],")":[147],"263\u2013280":[148],"Springer).":[149],"In":[150],"particular,":[151],"were":[153],"able":[154],"to":[155,167,172],"guess":[156],"about":[157],"3%":[158],"within":[162],"10":[163],"corresponds":[166],"26-fold":[169],"improvement":[170],"compared":[171],"guessing.":[174],"results":[176],"strongly":[177],"secure":[180],"GUIs":[183],"must":[184],"consider":[185],"identified":[189],"paper.":[192]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2022,"cited_by_count":4},{"year":2021,"cited_by_count":4},{"year":2020,"cited_by_count":1}],"updated_date":"2026-05-21T06:26:12.895304","created_date":"2019-07-30T00:00:00"}