Edwin Yang
Skip Abstract Section
Abstract
Existing research work has identified a new class of attacks that can eavesdrop on the keystrokes in a non-invasive way without infecting the target computer to install malware. The common idea is that pressing a key of a keyboard can cause a unique and subtle environmental change, which can be captured and analyzed by the eavesdropper to learn the keystrokes. For these attacks, however, a training phase must be accomplished to establish the relationship between an observed environmental change and the action of pressing a specific key. This significantly limits the impact and practicality of these attacks. In this paper, we discover that it is possible to design keystroke eavesdropping attacks without requiring the training phase. We create this attack based on the channel state information extracted from the wireless signal. To eavesdrop on keystrokes, we establish a mapping between typing each letter and its respective environmental change by exploiting the correlation among observed changes and known structures of dictionary words. To defend against this attack, we propose a reactive jamming mechanism that launches the jamming only during the typing period. Experimental results on software-defined radio platforms validate the impact of the attack and the performance of the defense.
- [1] , “No training hurdles: Fast training-agnostic attacks to infer your typing,” in Proc. ACM SIGSAC Conf. Comput. Commun. Secur.,
Oct. 2018 , pp. 1747–1760.Google Scholar
- [2] , “Tracking keystrokes using wireless signals,” in Proc. 13th Annu. Int. Conf. Mobile Syst., Appl., Services,
May 2015 , pp. 31–44.Google Scholar - [3] , “Keystroke recognition using WiFi signals,” in Proc. 21st Annu. Int. Conf. Mobile Comput. Netw.,
Sep. 2015 , pp. 90–102.Google Scholar - [4] , “When CSI meets public WiFi: Inferring your mobile phone password via WiFi signals,” in Proc. ACM SIGSAC Conf. Comput. Commun. Secur.,
Oct. 2016 , pp. 1068–1079.Google Scholar - [5] , “(sp)iPhone: Decoding vibrations from nearby keyboards using mobile phone accelerometers,” in Proc. 18th ACM Conf. Comput. Commun. Secur. (CCS),
2011 , pp. 551–562.Google Scholar - [6] , “ACCessory: Password inference using accelerometers on smartphones,” in Proc. 12th Workshop Mobile Comput. Syst. Appl. (HotMobile),
2012 , pp. 9:1–9:6.Google Scholar - [7] , “Keyboard acoustic emanations,” in Proc. IEEE Symp. Secur. Privacy,
May 2004 , pp. 3–11.Google Scholar - [8] , “Keyboard acoustic emanations revisited,” in Proc. 12th ACM Conf. Comput. Commun. Secur. (CCS),
2005 , pp. 373–382.Google Scholar - [9] , “Ubiquitous keyboard for small mobile devices: Harnessing multipath fading for fine-grained keystroke localization,” in Proc. 12th Annu. Int. Conf. Mobile Syst., Appl., Services,
Jun. 2014 , pp. 14–27.Google Scholar - [10] , “Timing analysis of keystrokes and timing attacks on SSH,” in Proc. 10th Conf. USENIX Secur. Symp. (SSYM), vol. 10,
2001 , pp. 1–17.Google Scholar - [11] , “Hey, you, get off of my cloud: Exploring information leakage in third-party compute clouds,” in Proc. 16th ACM Conf. Comput. Commun. Secur. (CCS),
2009 , pp. 199–212.Google Scholar - [12] , “Peeping tom in the neighborhood: Keystroke eavesdropping on multi-user systems,” in Proc. 18th Conf. USENIX Secur. Symp. (SSYM),
2009 , pp. 17–32.Google Scholar - [13] , “Don’t skype & type!: Acoustic eavesdropping in voice-over-IP,” in Proc. ACM Asia Conf. Comput. Commun. Secur.,
Apr. 2017 , pp. 703–715.Google Scholar - [14] , “WiPOS: A POS terminal password inference system based on wireless signals,” IEEE Internet Things J., vol. 7, no. 8, pp. 7506–7516, Aug. 2020.Google Scholar
- [15] , Introduction to Modern Cryptography (Chapman & Hall/CRC Cryptography and Network Security Series). London, U.K.: Chapman & Hall, 2007.Google ScholarDigital Library
- [16] (2017). Statistical Distributions of English Text. [Online]. Available: http://www.data-compression.com/english.htmlGoogle Scholar
- [17] . (2017). Word Frequency Data From the Corpus of Contemporary American English (COCA). [Online]. Available: http://www.wordfrequency.info/free.aspGoogle Scholar
- [18] , “Whole-home gesture recognition using wireless signals,” in Proc. 19th Annu. Int. Conf. Mobile Comput. Netw. (MobiCom),
2013 , pp. 27–38.Google Scholar - [19] , “Where are you from: Confusing location distinction using virtual multipath camouflage,” in Proc. 20th Annu. Int. Conf. Mobile Comput. Netw.,
Sep. 2014 , pp. 225–236.Google Scholar - [20] , “See through walls with WiFi!” in Proc. ACM SIGCOMM Conf. SIGCOMM,
Aug. 2013 , pp. 75–86.Google Scholar - [21] , “Capturing the human figure through a wall,” ACM Trans. Graph., vol. 34, no. 6, p. 219, Oct. 2015.Google Scholar
- [22] , “Manipulatable wireless key establishment,” in Proc. IEEE Conf. Commun. Netw. Secur. (CNS),
Oct. 2017 , pp. 1–9.Google Scholar - [23] , Wireless Communications. New York, NY, USA: Cambridge Univ. Press, 2005.Google ScholarCross Ref
- [24] , “We can hear you with Wi-Fi!” in Proc. 20th Annu. Int. Conf. Mobile Comput. Netw.,
Sep. 2014 , pp. 593–604.Google Scholar - [25] , “Toward accurate dynamic time warping in linear time and space,” Intell. Data Anal., vol. 11, no. 5, pp. 561–580, 2007.Google Scholar
- [26] , “Dude, where’s my card?: RFID positioning that works with multipath and non-line of sight,” in Proc. ACM SIGCOMM Conf. (SIGCOMM),
Aug. 2013 , pp. 51–62.Google Scholar - [27] , “LTE radio analytics made easy and accessible,” in Proc. ACM Conf. SIGCOMM,
Aug. 2014 , pp. 211–222.Google Scholar - [28] , “Wireless communications under broadband reactive jamming attacks,” IEEE Trans. Depend. Sec. Comput., vol. 13, no. 3, pp. 394–408, May/Jun. 2016.Google Scholar
- [29] , “Jamming of UAV remote control systems using software defined radio,” in Proc. Int. Conf. Mil. Commun. Inf. Syst. (ICMCIS),
May 2018 , pp. 1–6.Google Scholar - [30] SparkFun Electronics. (2022). Sparkfun Transceiver Breakout nrf24l01+ (RP-SMA). [Online]. Available: https://www.sparkfun.com/products/705Google Scholar
- [31] , USRP User’s and Developer’s Guide. Santa Clara, CA, USA: Ettus Research LLC, 2005.Google Scholar
- [32] , “A tutorial on principal component analysis,” 2014, arXiv:1404.1100.Google Scholar
- [33] , Signals & Systems, 2nd ed. Upper Saddle River, NJ, USA: Prentice-Hall, Inc., 1996.Google Scholar
- [34] , “IEEE recommended practice for speech quality measurements,” IEEE Trans. Audio Electroacoust., vol. AU-17, no. 3, pp. 227–246, Sep. 1969.Google Scholar
- [35] (2017). London Attack: Assailant Shot Dead After 4 Killed Near Parliament. [Online]. Available: http://www.cnn.com/2017/03/22/europe/U.K.-parliament-firearms-incident/index.htmlGoogle Scholar
- [36] , The Linux Kernel Module Programming Guide. Paramount, CA, USA: CreateSpace, 2009.Google ScholarDigital Library
- [37] (2017). 2012 Yahoo! Voices Hack. [Online]. Available: https://en.wikipedia.org/wiki/2012_Yahoo!_Voices_hackGoogle Scholar
- [38] , “Stealing your Android patterns via acoustic signals,” IEEE Trans. Mobile Comput., vol. 20, no. 4, pp. 1656–1671, Apr. 2021.Google Scholar
- [39] , “Context-free attacks using keyboard acoustic emanations,” in Proc. ACM SIGSAC Conf. Comput. Commun. Secur.,
Nov. 2014 , pp. 453–464.Google Scholar - [40] , “Snooping keystrokes with mm-level audio ranging on a single phone,” in Proc. 21st Annu. Int. Conf. Mobile Comput. Netw.,
Sep. 2015 , pp. 142–154.Google Scholar - [41] , “An indirect eavesdropping attack of keystrokes on touch screen through acoustic sensing,” IEEE Trans. Mobile Comput., vol. 20, no. 2, pp. 337–351, Feb. 2021.Google Scholar
- [42] , “Dictionary attacks using keyboard acoustic emanations,” in Proc. 13th ACM Conf. Comput. Commun. Secur. (CCS),
2006 , pp. 245–254.Google Scholar - [43] , “SpiderMon: Towards using cell towers as illuminating sources for keystroke monitoring,” in Proc. IEEE INFOCOM Conf. Comput. Commun.,
Jul. 2020 , pp. 666–675.Google Scholar - [44] , “ClearShot: Eavesdropping on keyboard input from video,” in Proc. IEEE Symp. Secur. Privacy (SP),
May 2008 , pp. 170–183.Google Scholar - [45] , “Beware, your hands reveal your secrets!” in Proc. ACM SIGSAC Conf. Comput. Commun. Secur.,
Nov. 2014 , pp. 904–917.Google Scholar - [46] , “Blind recognition of text input on mobile devices via natural language processing,” in Proc. Workshop Privacy-Aware Mobile Comput.,
Jun. 2015 , pp. 19–24.Google Scholar - [47] , “EyeTell: Video-assisted touchscreen keystroke inference from eye movements,” in Proc. IEEE Symp. Secur. Privacy (SP),
May 2018 , pp. 144–160.Google Scholar - [48] , “VISIBLE: Video-assisted keystroke inference from tablet backside motion,” in Proc. Netw. Distrib. Syst. Secur. Symp.,
2016 , pp. 1–15.Google Scholar - [49] , “Blind recognition of touched keys on mobile devices,” in Proc. ACM SIGSAC Conf. Comput. Commun. Secur.,
Nov. 2014 , pp. 1403–1414.Google Scholar - [50] , “An instant messaging intrusion detection system framework: Using character frequency analysis for authorship identification and validation,” in Proc. 40th Annu. Int. Carnahan Conf. Secur. Technol.,
Oct. 2006 , pp. 160–172.Google Scholar - [51] , “A natural language approach to automated cryptanalysis of two-time pads,” in Proc. 13th ACM Conf. Comput. Commun. Secur. (CCS),
2006 , pp. 235–244.Google Scholar
Index Terms
- Wireless Training-Free Keystroke Inference Attack and Defense
Index terms have been assigned to the content through auto-classification.
Recommendations
Enhanced Mixup Training: a Defense Method Against Membership Inference Attack
Information Security Practice and ExperienceAbstractMembership inference attacks (MIAs) have powerful attack ability to threaten the privacy of users. In general, it mainly utilizes model-based or metric-based inference methods to infer whether a particular data sample is in the training dataset of ...
A lab implementation of SYN flood attack and defense
SIGITE '08: Proceedings of the 9th ACM SIGITE conference on Information technology educationA "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. SYN flood attack is one of the most common types of DoS. In this lab, we model and simulate a real world ...
Exploring Defense of SQL Injection Attack in Penetration Testing
SQLIA is adopted to attack websites with and without confidential information. Hackers utilized the compromised website as intermediate proxy to attack others for avoiding being committed of cyber-criminal and also enlarging the scale of Distributed ...
Comments