ABSTRACT
The emanations of electronic and mechanical devices have raised serious privacy concerns. It proves possible for an attacker to recover the keystrokes by acoustic signal emanations. Most existing malicious applications adopt context-based approaches, which assume that the typed texts are potentially correlated. Those approaches often incur a high cost during the context learning stage, and can be limited by randomly typed contents (e.g., passwords). Also, context correlations can increase the risk of successive false recognition. We present a context-free and geometry-based approach to recover keystrokes. Using off-the-shelf smartphones to record acoustic emanations from keystrokes, this design estimates keystrokes' physical positions based on the Time Difference of Arrival (TDoA) method. We conduct extensive experiments and the results show that more than 72.2\% of keystrokes can be successfully recovered.
- P. Arena. Apple iPhone 5 has three microphones and HD voice support, what's in it for you. http://www.phonearena.com/news/Apple-iPhone-5-has-three-microphones-and-HD-voice-support-whats-in-it-for-you_id34486, 2012. {Online; accessed 30-July-2014}.Google Scholar
- D. Asonov and R. Agrawal. Keyboard acoustic emanations. In Proceedings of IEEE Symposium on Security and Privacy, pages 3--11, 2004.Google ScholarCross Ref
- M. Backes, M. Dürmuth, S. Gerling, M. Pinkal, and C. Sporleder. Acoustic side-channel attacks on printers. In Proceedings of USENIX Security Symposium, pages 307--322, 2010. Google ScholarDigital Library
- D. Barrera, H. G. Kayacik, P. C. van Oorschot, and A. Somayaji. A methodology for empirical analysis of permission-based security models and its application to android. In Proceedings of ACM CCS, pages 73--84, 2010. Google ScholarDigital Library
- A. O. Bauer. Some aspects of military line communicatoins as deployed by the german armed forces prior to 1945. In Proceedings of 5th Aunnual Colloquium, The History of Military Comunications, 1999.Google Scholar
- Y. Berger, A. Wool, and A. Yeredor. Dictionary attacks using keyboard acoustic emanations. In Proceedings of ACM CCS, pages 245--254, 2006. Google ScholarDigital Library
- D. Dagon, T. Martin, and T. Starner. Mobile phones as computing devices: The viruses are coming! IEEE Pervasive Computing, 3(4):11--15, 2004. Google ScholarDigital Library
- A. Davis, M. Rubinstein, N. Wadhwa, G. Mysore, F. Durand, and W. T. Freeman. The visual microphone: Passive recovery of sound from video. ACM Transactions on Graphics, 33(4):79:1--79:10, 2014. Google ScholarDigital Library
- W. V. Eck. Electromagnetic radiation from video display units: An eavesdropping risk? In Computers and Security, pages 4:269--286, 1985. Google ScholarDigital Library
- J. Elson, L. Girod, and D. Estrin. Fine-grained network time synchronization using reference broadcasts. ACM SIGOPS Operating Systems Review, 36(SI):147--163, 2002. Google ScholarDigital Library
- W. Enck, M. Ongtang, and P. D. McDaniel. On lightweight mobile phone application certification. In Proceedings of ACM CCS, pages 235--245, 2009. Google ScholarDigital Library
- L. Girod, M. Lukac, V. Trifa, and D. Estrin. A self-calibrating distributed acoustic sensing platform. In Proceedings of ACM SenSys, pages 335--336, 2006. Google ScholarDigital Library
- A. Harter, A. Hopper, P. Steggles, A. Ward, and P. Webster. The anatomy of a context-aware application. Wireless Networks, 8(2--3):187--197, 2002. Google ScholarDigital Library
- M. Hazas and A. Hopper. Broadband ultrasonic location systems for improved indoor positioning. IEEE TMC, 5(5):536--547, 2006. Google ScholarDigital Library
- Y. Jia, Y. Luo, Y. Lin, and I. Kozintsev. Distributed microphone arrays for digital home and office. In Proceedings of IEEE ICASSP, pages 1065--1068, 2006.Google Scholar
- C. Knapp and G. C. Carter. The generalized correlation method for estimation of time delay. IEEE Transactions on Acoustics, Speech and Signal Processing, 24(4):320--327, 1976.Google ScholarCross Ref
- M. Maróti, P. Völgyesi, S. Dóra, B. Kusy, A. Nádas, Á. Lédeczi, G. Balogh, and K. Molnár. Radio interferometric geolocation. In Proceedings of ACM SenSys, pages 1--12, 2005. Google ScholarDigital Library
- P. Marquardt, A. Verma, H. Carter, and P. Traynor. (sp)iphone: decoding vibrations from nearby keyboards using mobile phone accelerometers. In Proceedings of ACM CCS, pages 551--562, 2011. Google ScholarDigital Library
- R. Meng, J. Isenhower, C. Qin, and S. Nelakuditi. Can smartphone sensors enhance kinect experience? In Proceedings of ACM MobiHoc, pages 265--266, 2012. Google ScholarDigital Library
- E. Miluzzo, A. Varshavsky, S. Balakrishnan, and R. R. Choudhury. Tapprints: your finger taps have fingerprints. In Proceedings of ACM MobiSys, pages 323--336, 2012. Google ScholarDigital Library
- E. Nordström, D. Aldman, F. Bjurefors, and C. Rohner. Search-based picture sharing with mobile phones. In Proceedings of ACM MobiHoc, pages 327--328, 2009. Google ScholarDigital Library
- C. Peng, G. Shen, and Y. Zhang. Beepbeep: A high-accuracy acoustic-based system for ranging and localization using COTS devices. ACM Trans. Embedded Comput. Syst., 11(1):4, 2012. Google ScholarDigital Library
- C. Qin, X. Bao, R. R. Choudhury, and S. Nelakuditi. Tagsense: a smartphone-based approach to automatic image tagging. In Proceedings of ACM MobiSys, pages 1--14, 2011. Google ScholarDigital Library
- J. Qiu, D. Chu, X. Meng, and T. Moscibroda. On the feasibility of real-time phone-to-phone 3d localization. In Proceedings of ACM SenSys, pages 190--203, 2011. Google ScholarDigital Library
- Y. Rui and D. Florencio. Time delay estimation in the presence of correlated noise and reverberation. In Proceedings of IEEE ICASSP, pages ii--133, 2004.Google ScholarCross Ref
- R. SINGEL. Declassified NSA Document Reveals the Secret History of TEMPEST. http://www.wired.com/2008/04/nsa-release-se, 2004. {Online; accessed 23-July-2014}.Google Scholar
- S. Singh, S. Nelakuditi, R. R. Choudhury, and Y. Tong. Your smartphone can watch the road and you: mobile assistant for inattentive drivers. In Proceedings of ACM MobiHoc, pages 261--262, 2012. Google ScholarDigital Library
- F. Sivrikaya and B. Yener. Time synchronization in sensor networks: a survey. Network, IEEE, 18(4):45--50, 2004. Google ScholarDigital Library
- D. X. Song, D. Wagner, and X. Tian. Timing analysis of keystrokes and timing attacks on ssh. In Proceedings of USENIX Security Symposium, 2001. Google ScholarDigital Library
- S. Sur, T. Wei, and X. Zhang. Autodirective audio capturing through a synchronized smartphone array. In Proceedings of ACM MobiSys, pages 28--41, 2014. Google ScholarDigital Library
- T. Thomas. Malware on the move., 2008.Google Scholar
- H. Wang and P. Chu. Voice source localization for automatic camera pointing system in videoconferencing. In Proceedings of IEEE ICASSP, pages 187--190, 1997. Google ScholarDigital Library
- J. Wang, K. Zhao, X. Zhang, and C. Peng. Ubiquitous keyboard for small mobile devices: harnessing multipath fading for fine-grained keystroke localization. In Proceedings of ACM MobiSys, pages 14--27, 2014. Google ScholarDigital Library
- Y. Wang, J. Yang, H. Liu, Y. Chen, M. Gruteser, and R. P. Martin. Sensing vehicle dynamics for determining driver phone use. In MobiSys, pages 41--54, 2013. Google ScholarDigital Library
- J. Yang, S. Sidhom, G. Chandrasekaran, T. Vu, H. Liu, N. Cecan, Y. Chen, M. Gruteser, and R. P. Martin. Detecting driver phone use leveraging car speakers. In Proceedings of ACM MobiCom, pages 97--108, 2011. Google ScholarDigital Library
- Z. Zhang, D. Chu, X. Chen, and T. Moscibroda. Swordfight: enabling a new class of phone-to-phone action games on commodity phones. In Proceedings of ACM MobiSys, pages 1--14, 2012. Google ScholarDigital Library
- L. Zhuang, F. Zhou, and J. D. Tygar. Keyboard acoustic emanations revisited. In Proceedings of ACM CCS, pages 373--382, 2005. Google ScholarDigital Library
Index Terms
- Context-free Attacks Using Keyboard Acoustic Emanations
Recommendations
Keyboard Emanations in Remote Voice Calls: Password Leakage and Noise(less) Masking Defenses
CODASPY '18: Proceedings of the Eighth ACM Conference on Data and Application Security and PrivacyKeyboard acoustic side channel attacks to date have been mostly studied in the context of an adversary eavesdropping on keystrokes by placing a listening device near the intended victim creating a local eavesdropping scenario. However, being in close ...
Dictionary attacks using keyboard acoustic emanations
CCS '06: Proceedings of the 13th ACM conference on Computer and communications securityWe present a dictionary attack that is based on keyboard acoustic emanations. We combine signal processing and efficient data structures and algorithms, to successfully reconstruct single words of 7-13 characters from a recording of the clicks made when ...
Keyboard acoustic emanations revisited
We examine the problem of keyboard acoustic emanations. We present a novel attack taking as input a 10-minute sound recording of a user typing English text using a keyboard and recovering up to 96% of typed characters. There is no need for training ...
Comments