In the Quest to Protect Users from Side-Channel Attacks - A User-Centred Design Space to Mitigate Thermal Attacks on Public Payment Terminals
2023
Conference / Journal
Authors
Mohamed Khamis, Yasmeen Abdrabou, Shaun Macdonald, Karola Marky
Research Hub
Research Hub D: Usability
Research Challenges
RC 10: Engineers and Usability
RC 11: End-users and Usability
Abstract
Thermal attacks are an emerging threat that enables the reconstruction of user input after interaction with a device by analysing heat traces. There are several ways to protect users from thermal attacks that require different degrees of user involvement. In this paper, we first present a structured literature review to identify 15 protection strategies. Then, we investigate user perceptions of these strategies in an online study (N=306). Our results show that users intuitively use protection strategies that also work against other side-channel attacks. Further, users are willing to sacrifice convenience for the sake of verifying a strategy's efficacy. Yet, an ideal holistic defence from thermal attacks is one that is readily integrated into user interfaces by manufacturers in a way that the user can verify it. Further, users like resourceless strategies that fit their habits. We use the literature review and study results to identify a user-centred design space for thermal attack protection. We conclude the paper with specific recommendations for users, device manufacturers and interface providers to better protect individuals from thermal attacks.