research-article

Context-free Attacks Using Keyboard Acoustic Emanations

Authors:
Tong Zhu

Tsinghua University & Tsinghua National Lab IOT Center WuXi, Beijing, China

Tsinghua University & Tsinghua National Lab IOT Center WuXi, Beijing, China
View Profile

,
Qiang Ma

Tsinghua University & Tsinghua National Lab IOT Center WuXi, Tsinghua, China

Tsinghua University & Tsinghua National Lab IOT Center WuXi, Tsinghua, China
View Profile

,
Shanfeng Zhang

Tsinghua University & HKUST, Beijing, China

Tsinghua University & HKUST, Beijing, China
View Profile

,
Yunhao Liu

Tsinghua University, Beijing, China

Tsinghua University, Beijing, China
View Profile

CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications SecurityNovember 2014Pages 453–464https://doi.org/10.1145/2660267.2660296

Published:03 November 2014Publication History

CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

Pages 453–464

ABSTRACT

The emanations of electronic and mechanical devices have raised serious privacy concerns. It proves possible for an attacker to recover the keystrokes by acoustic signal emanations. Most existing malicious applications adopt context-based approaches, which assume that the typed texts are potentially correlated. Those approaches often incur a high cost during the context learning stage, and can be limited by randomly typed contents (e.g., passwords). Also, context correlations can increase the risk of successive false recognition. We present a context-free and geometry-based approach to recover keystrokes. Using off-the-shelf smartphones to record acoustic emanations from keystrokes, this design estimates keystrokes' physical positions based on the Time Difference of Arrival (TDoA) method. We conduct extensive experiments and the results show that more than 72.2\% of keystrokes can be successfully recovered.

References

P. Arena. Apple iPhone 5 has three microphones and HD voice support, what's in it for you. http://www.phonearena.com/news/Apple-iPhone-5-has-three-microphones-and-HD-voice-support-whats-in-it-for-you_id34486, 2012. {Online; accessed 30-July-2014}.Google Scholar
D. Asonov and R. Agrawal. Keyboard acoustic emanations. In Proceedings of IEEE Symposium on Security and Privacy, pages 3--11, 2004.Google ScholarCross Ref
M. Backes, M. Dürmuth, S. Gerling, M. Pinkal, and C. Sporleder. Acoustic side-channel attacks on printers. In Proceedings of USENIX Security Symposium, pages 307--322, 2010. Google ScholarDigital Library
D. Barrera, H. G. Kayacik, P. C. van Oorschot, and A. Somayaji. A methodology for empirical analysis of permission-based security models and its application to android. In Proceedings of ACM CCS, pages 73--84, 2010. Google ScholarDigital Library
A. O. Bauer. Some aspects of military line communicatoins as deployed by the german armed forces prior to 1945. In Proceedings of 5th Aunnual Colloquium, The History of Military Comunications, 1999.Google Scholar
Y. Berger, A. Wool, and A. Yeredor. Dictionary attacks using keyboard acoustic emanations. In Proceedings of ACM CCS, pages 245--254, 2006. Google ScholarDigital Library
D. Dagon, T. Martin, and T. Starner. Mobile phones as computing devices: The viruses are coming! IEEE Pervasive Computing, 3(4):11--15, 2004. Google ScholarDigital Library
A. Davis, M. Rubinstein, N. Wadhwa, G. Mysore, F. Durand, and W. T. Freeman. The visual microphone: Passive recovery of sound from video. ACM Transactions on Graphics, 33(4):79:1--79:10, 2014. Google ScholarDigital Library
W. V. Eck. Electromagnetic radiation from video display units: An eavesdropping risk? In Computers and Security, pages 4:269--286, 1985. Google ScholarDigital Library
J. Elson, L. Girod, and D. Estrin. Fine-grained network time synchronization using reference broadcasts. ACM SIGOPS Operating Systems Review, 36(SI):147--163, 2002. Google ScholarDigital Library
W. Enck, M. Ongtang, and P. D. McDaniel. On lightweight mobile phone application certification. In Proceedings of ACM CCS, pages 235--245, 2009. Google ScholarDigital Library
L. Girod, M. Lukac, V. Trifa, and D. Estrin. A self-calibrating distributed acoustic sensing platform. In Proceedings of ACM SenSys, pages 335--336, 2006. Google ScholarDigital Library
A. Harter, A. Hopper, P. Steggles, A. Ward, and P. Webster. The anatomy of a context-aware application. Wireless Networks, 8(2--3):187--197, 2002. Google ScholarDigital Library
M. Hazas and A. Hopper. Broadband ultrasonic location systems for improved indoor positioning. IEEE TMC, 5(5):536--547, 2006. Google ScholarDigital Library
Y. Jia, Y. Luo, Y. Lin, and I. Kozintsev. Distributed microphone arrays for digital home and office. In Proceedings of IEEE ICASSP, pages 1065--1068, 2006.Google Scholar
C. Knapp and G. C. Carter. The generalized correlation method for estimation of time delay. IEEE Transactions on Acoustics, Speech and Signal Processing, 24(4):320--327, 1976.Google ScholarCross Ref
M. Maróti, P. Völgyesi, S. Dóra, B. Kusy, A. Nádas, Á. Lédeczi, G. Balogh, and K. Molnár. Radio interferometric geolocation. In Proceedings of ACM SenSys, pages 1--12, 2005. Google ScholarDigital Library
P. Marquardt, A. Verma, H. Carter, and P. Traynor. (sp)iphone: decoding vibrations from nearby keyboards using mobile phone accelerometers. In Proceedings of ACM CCS, pages 551--562, 2011. Google ScholarDigital Library
R. Meng, J. Isenhower, C. Qin, and S. Nelakuditi. Can smartphone sensors enhance kinect experience? In Proceedings of ACM MobiHoc, pages 265--266, 2012. Google ScholarDigital Library
E. Miluzzo, A. Varshavsky, S. Balakrishnan, and R. R. Choudhury. Tapprints: your finger taps have fingerprints. In Proceedings of ACM MobiSys, pages 323--336, 2012. Google ScholarDigital Library
E. Nordström, D. Aldman, F. Bjurefors, and C. Rohner. Search-based picture sharing with mobile phones. In Proceedings of ACM MobiHoc, pages 327--328, 2009. Google ScholarDigital Library
C. Peng, G. Shen, and Y. Zhang. Beepbeep: A high-accuracy acoustic-based system for ranging and localization using COTS devices. ACM Trans. Embedded Comput. Syst., 11(1):4, 2012. Google ScholarDigital Library
C. Qin, X. Bao, R. R. Choudhury, and S. Nelakuditi. Tagsense: a smartphone-based approach to automatic image tagging. In Proceedings of ACM MobiSys, pages 1--14, 2011. Google ScholarDigital Library
J. Qiu, D. Chu, X. Meng, and T. Moscibroda. On the feasibility of real-time phone-to-phone 3d localization. In Proceedings of ACM SenSys, pages 190--203, 2011. Google ScholarDigital Library
Y. Rui and D. Florencio. Time delay estimation in the presence of correlated noise and reverberation. In Proceedings of IEEE ICASSP, pages ii--133, 2004.Google ScholarCross Ref
R. SINGEL. Declassified NSA Document Reveals the Secret History of TEMPEST. http://www.wired.com/2008/04/nsa-release-se, 2004. {Online; accessed 23-July-2014}.Google Scholar
S. Singh, S. Nelakuditi, R. R. Choudhury, and Y. Tong. Your smartphone can watch the road and you: mobile assistant for inattentive drivers. In Proceedings of ACM MobiHoc, pages 261--262, 2012. Google ScholarDigital Library
F. Sivrikaya and B. Yener. Time synchronization in sensor networks: a survey. Network, IEEE, 18(4):45--50, 2004. Google ScholarDigital Library
D. X. Song, D. Wagner, and X. Tian. Timing analysis of keystrokes and timing attacks on ssh. In Proceedings of USENIX Security Symposium, 2001. Google ScholarDigital Library
S. Sur, T. Wei, and X. Zhang. Autodirective audio capturing through a synchronized smartphone array. In Proceedings of ACM MobiSys, pages 28--41, 2014. Google ScholarDigital Library
T. Thomas. Malware on the move., 2008.Google Scholar
H. Wang and P. Chu. Voice source localization for automatic camera pointing system in videoconferencing. In Proceedings of IEEE ICASSP, pages 187--190, 1997. Google ScholarDigital Library
J. Wang, K. Zhao, X. Zhang, and C. Peng. Ubiquitous keyboard for small mobile devices: harnessing multipath fading for fine-grained keystroke localization. In Proceedings of ACM MobiSys, pages 14--27, 2014. Google ScholarDigital Library
Y. Wang, J. Yang, H. Liu, Y. Chen, M. Gruteser, and R. P. Martin. Sensing vehicle dynamics for determining driver phone use. In MobiSys, pages 41--54, 2013. Google ScholarDigital Library
J. Yang, S. Sidhom, G. Chandrasekaran, T. Vu, H. Liu, N. Cecan, Y. Chen, M. Gruteser, and R. P. Martin. Detecting driver phone use leveraging car speakers. In Proceedings of ACM MobiCom, pages 97--108, 2011. Google ScholarDigital Library
Z. Zhang, D. Chu, X. Chen, and T. Moscibroda. Swordfight: enabling a new class of phone-to-phone action games on commodity phones. In Proceedings of ACM MobiSys, pages 1--14, 2012. Google ScholarDigital Library
L. Zhuang, F. Zhou, and J. D. Tygar. Keyboard acoustic emanations revisited. In Proceedings of ACM CCS, pages 373--382, 2005. Google ScholarDigital Library

Index Terms

Context-free Attacks Using Keyboard Acoustic Emanations
1. Security and privacy
  1. Cryptography
    1. Cryptanalysis and other attacks
  2. Intrusion/anomaly detection and malware mitigation
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

Keyboard Emanations in Remote Voice Calls: Password Leakage and Noise(less) Masking Defenses
CODASPY '18: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy

Keyboard acoustic side channel attacks to date have been mostly studied in the context of an adversary eavesdropping on keystrokes by placing a listening device near the intended victim creating a local eavesdropping scenario. However, being in close ...
Read More
Dictionary attacks using keyboard acoustic emanations
CCS '06: Proceedings of the 13th ACM conference on Computer and communications security

We present a dictionary attack that is based on keyboard acoustic emanations. We combine signal processing and efficient data structures and algorithms, to successfully reconstruct single words of 7-13 characters from a recording of the clicks made when ...
Read More
Keyboard acoustic emanations revisited

We examine the problem of keyboard acoustic emanations. We present a novel attack taking as input a 10-minute sound recording of a user typing English text using a keyboard and recovering up to 96% of typed characters. There is no need for training ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security
November 2014
1592 pages
ISBN:9781450329576
DOI:10.1145/2660267
General Chair:
Gail-Joon Ahn
Arizona State University, USA
,
Program Chairs:
Moti Yung
Google -- Columbia University, USA
,
Ninghui Li
Purdue University, USA
Copyright © 2014 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 3 November 2014
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
acoustic emanations
context-free attack
keystroke recovery
Qualifiers
- research-article
Conference

Acceptance Rates
CCS '14 Paper Acceptance Rate114of585submissions,19%Overall Acceptance Rate1,261of6,999submissions,18%
More
Upcoming Conference
CCS '24

Sponsor:

sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 107
  Total Citations
  View Citations
- 1,872
  Total Downloads
- Downloads (Last 12 months)90
- Downloads (Last 6 weeks)5
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Context-free Attacks Using Keyboard Acoustic Emanations

CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

ABSTRACT

References

Cited By

Index Terms

Recommendations

Keyboard Emanations in Remote Voice Calls: Password Leakage and Noise(less) Masking Defenses

Dictionary attacks using keyboard acoustic emanations

Keyboard acoustic emanations revisited