
Keyboard acoustic emanations revisited

Published: 06 November 2009

Abstract

We examine the problem of keyboard acoustic emanations. We present a novel attack taking as input a 10-minute sound recording of a user typing English text using a keyboard and recovering up to 96% of typed characters. There is no need for training recordings labeled with the corresponding clear text. A recognizer bootstrapped from a 10-minute sound recording can even recognize random text such as passwords: In our experiments, 90% of 5-character random passwords using only letters can be generated in fewer than 20 attempts by an adversary; 80% of 10-character passwords can be generated in fewer than 75 attempts by an adversary. In the attack, we use the statistical constraints of the underlying content, English language, to reconstruct text from sound recordings without knowing the corresponding clear text. The attack incorporates a combination of standard machine learning and speech recognition techniques, including cepstrum features, Hidden Markov Models, linear classification, and feedback-based incremental learning.
