Cracking Passwords using Keyboard Acoustics and Language Modeling

This project looks at how user input can be reconstructed from an audio recording of a user typing. The keyboard acoustic attack outlined in [35] is fully reimplemented and a number of extensions to their methods are developed. A novel keystroke error function is demonstrated which allows for optimal thresholds to be found when extracting keystrokes and a bagging technique is applied to previous clustering methods which increases the text recovery accuracy and removes the necessity for hand-labelled data. The properties of keystroke audio recordings are also examined and some of the limiting factors which impact on keystroke recognition are explored.

[1]  E. Abbott,et al.  Flatland: a Romance of Many Dimensions , 1884, Nature.

[2]  B. P. Bogert,et al.  The quefrency analysis of time series for echoes : cepstrum, pseudo-autocovariance, cross-cepstrum and saphe cracking , 1963 .

[3]  H. Landau Sampling, data transmission, and the Nyquist rate , 1967 .

[4]  Fred A. Stahl A homophonic cipher for computational cryptography , 1973, AFIPS National Computer Conference.

[5]  Yang He Extended Viterbi algorithm for second order hidden Markov process , 1988, [1988 Proceedings] 9th International Conference on Pattern Recognition.

[6]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[7]  J. Quisquater,et al.  A Practical Implementation of the Timing Attack , 1998, CARDIS.

[8]  Mary P. Harper,et al.  A Second-Order Hidden Markov Model for Part-of-Speech Tagging , 1999, ACL.

[9]  James H. Martin,et al.  Speech and language processing: an introduction to natural language processing , 2000 .

[10]  Rita Mayer-Sommer,et al.  Smartly Analyzing the Simplicity and the Power of Simple Power Analysis on Smartcards , 2000, CHES.

[11]  Francis Olivier,et al.  Electromagnetic Analysis: Concrete Results , 2001, CHES.

[12]  Dawn Xiaodong Song,et al.  Timing Analysis of Keystrokes and Timing Attacks on SSH , 2001, USENIX Security Symposium.

[13]  Jean-Jacques Quisquater,et al.  ElectroMagnetic Analysis (EMA): Measures and Counter-Measures for Smart Cards , 2001, E-smart.

[14]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[15]  I. Scott MacKenzie,et al.  Input-based Language Modelling in the Design of High Performance Text Input Techniques , 2003, Graphics Interface.

[16]  Rakesh Agrawal,et al.  Keyboard acoustic emanations , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[17]  Leo Breiman,et al.  Bagging Predictors , 1996, Machine Learning.

[18]  Eran Tromer,et al.  Acoustic cryptanalysis : on nosy people and noisy machines , 2004 .

[19]  Feng Zhou,et al.  Keyboard acoustic emanations revisited , 2005, CCS '05.

[20]  Steven J. Murdoch,et al.  Hot or not: revealing hidden services by their clock skew , 2006, CCS '06.

[21]  Arie Yeredor,et al.  Dictionary attacks using keyboard acoustic emanations , 2006, CCS '06.

[22]  Christopher D. Manning,et al.  Introduction to Information Retrieval , 2010, J. Assoc. Inf. Sci. Technol..