Computing technology is continually evolving, and, perhaps, the biggest shift in modern computing is the advent of Smartphone (and tablet) computers. As a result of this explosion of new computing technology, computer security researchers continually ask the questions like: How does computer security of smartphones differ from that of traditional computers? In many ways, smartphones suffers from all the same security issues as traditional computers, e.g. viruses, worms, phishing, etc. This is because smartphones are computers in all senses and are thus susceptible to the same vulnerabilities and attacks as traditional computers. However, smartphones' interaction layer and visual interface, namely the touch screen, introduce new security issues not considered on traditional computers.  We interact with our smartphones in a tactile, hand-held way by holding the device and touching and gesturing on the screen. As smartphones and tablets become ever more prevalent, it is important to understand how the human interaction layer affects the security of these devices.

In this talk, I will show how this interaction layer leads to novel security vulnerabilities via two side channels I exposed in my research: smudge attacks and sensor-based side channels. I will also present new results in the area of usable security from a recentlyconcluded study on perceptions of secure vs. usable passwords for theAndroid password pattern scheme. I will demonstrate how there remainsa gap in how we perceive secure input parameters in tactile settings and how these results might inform the better design of graphical passwords on smartphone/tablet devices.