Abstract
We examine the problem of keyboard acoustic emanations. We present a novel attack taking as input a 10-minute sound recording of a user typing English text using a keyboard and recovering up to 96% of typed characters. There is no need for training recordings labeled with the corresponding clear text. A recognizer bootstrapped from a 10-minute sound recording can even recognize random text such as passwords: In our experiments, 90% of 5-character random passwords using only letters can be generated in fewer than 20 attempts by an adversary; 80% of 10-character passwords can be generated in fewer than 75 attempts by an adversary. In the attack, we use the statistical constraints of the underlying content, English language, to reconstruct text from sound recordings without knowing the corresponding clear text. The attack incorporates a combination of standard machine learning and speech recognition techniques, including cepstrum features, Hidden Markov Models, linear classification, and feedback-based incremental learning.
- Asonov, D. and Agrawal, R. 2004. Keyboard acoustic emanations. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE, Los Alamitos, CA, 3--11.Google Scholar
- Atkinson, K. 2005a. GNU Aspell. http://aspell.sourceforge.net.Google Scholar
- Atkinson, K. 2005b. Spell checker oriented word lists. http://wordlist.sourceforge.net.Google Scholar
- Bar-El, H. 2003. Introduction to side channel attacks. http://www.hbarel.com/Misc/side_channel_attacks.html.Google Scholar
- Bilmes, J. A. 1997. A gentle tutorial of the EM algorithm and its application to parameter estimation for Gaussian mixture and Hidden Markov Models. Tech. rep. ICSI-TR-97-021, International Computer Science Institute, Berkeley, CA. ftp://ftp.icsi.berkeley.edu/pub/techreports/1997/tr-97-021.pdf.Google Scholar
- Briol, R. 1991. Emanation: How to keep your data confidential. In Proceedings of the Symposium on Electromagnetic Security for Information Protection. ACM, New York, 225--234.Google Scholar
- Childers, D. G., Skinner, D. P., and Kemerait, R. C. 1977. The cepstrum: A guide to processing. Proc. IEEE 65, 10, 1428--1443.Google Scholar
Cross Ref
- Fine, S., Singer, Y., and Tishby, N. 1998. The hierarchical Hidden Markov Model: Analysis and applications. Mach. Learn. 32, 1, 41--62. Google Scholar
Digital Library
- Jordan, M. I. 2005. An Introduction to Probabilistic Graphical Models. In preparation.Google Scholar
- Jurafsky, D. and Martin, J. H. 2000. Speech and Language Processing: An Introduction to Natural Language Processing, Computational Linguistics, and Speech Recognition. Prentice Hall, Upper Saddle River, NJ. Google Scholar
Digital Library
- Kuhn, M. G. 2002. Optical time-domain eavesdropping risks of CRT displays. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE, Los Alamitos, CA, 3--18. Google Scholar
Digital Library
- Kuhn, M. G. 2003. Compromising emanations: Eavesdropping risks of computer displays. Tech. rep. UCAM-CL-TR-577, Computer Laboratory, University of Cambridge, UK. http://www.usenix.org/events/sec09/tech/full_papers/sec09_attacks.pdf.Google Scholar
- Rabiner, L. R. and Juang, H. 1986. An introduction to Hidden Markov Models. IEEE Trans. Acoust. Speech Signal Process. 3, 4--16.Google Scholar
- Russell, S. and Norvig, P. 2003. Artificial Intelligence: A Modern Approach, 2nd Ed. Prentice Hall, Upper Saddle River, NJ. Google Scholar
Digital Library
- Shamir, A. and Tromer, E. 2004. Acoustic cryptanalysis. http://www.wisdom.weizmann.ac.il/~tromer/acoustic.Google Scholar
- Song, D., Wagner, D., and Tian, X. 2001. Timing analysis of keystrokes and timing attacks on ssh. In Proceeding of the 10th USENIX Security Symposium. USENIX Association, Berkley, CA, 337--352. Google Scholar
Digital Library
- Thede, S. M. and Harper, M. P. 1999. A second-order Hidden Markov Model for part-of-speech tagging. In Proceedings of the 37th Conference on Association for Computational Linguistics. Morgan Kaufmann, San Francisco, CA, 175--182. Google Scholar
Digital Library
- Wasserman, P. D. 1993. Advanced Methods in Neural Computing. Wiley, New York. Google Scholar
Digital Library
Index Terms
Keyboard acoustic emanations revisited
Recommendations
Dictionary attacks using keyboard acoustic emanations
CCS '06: Proceedings of the 13th ACM conference on Computer and communications securityWe present a dictionary attack that is based on keyboard acoustic emanations. We combine signal processing and efficient data structures and algorithms, to successfully reconstruct single words of 7-13 characters from a recording of the clicks made when ...
Keyboard acoustic emanations revisited
CCS '05: Proceedings of the 12th ACM conference on Computer and communications securityWe examine the problem of keyboard acoustic emanations. We present a novel attack taking as input a 10-minute sound recording of a user typing English text using a keyboard, and then recovering up to 96% of typed characters. There is no need for a ...
Keyboard Emanations in Remote Voice Calls: Password Leakage and Noise(less) Masking Defenses
CODASPY '18: Proceedings of the Eighth ACM Conference on Data and Application Security and PrivacyKeyboard acoustic side channel attacks to date have been mostly studied in the context of an adversary eavesdropping on keystrokes by placing a listening device near the intended victim creating a local eavesdropping scenario. However, being in close ...






Comments