Keyboard acoustic side channel attacks to date have been mostly studied in the context of an adversary eavesdropping on keystrokes by placing a listening device near the intended victim creating a local eavesdropping scenario. However, being in close physical proximity of the victim significantly limits the applicability of the attack. In this paper, we study the keyboard acoustic side channel attacks in remote attack settings and propose countermeasures in such attack settings. Specifically, we introduce an offense-defense system that: (1) highlights the threat of a remote adversary eavesdropping on keystrokes while the victim is on a VoIP call, and (2) builds a way to mask the leakage through the use of system-generated sounds. On the offensive side, we show the feasibility of existing acoustic side channel attacks adapted to a remote eavesdropper setting against sensitive input such as random passwords, PINs etc. On the defensive side, we demonstrate a software-based approach towards masking the keystroke emanations as a defense mechanism against such attacks and evaluate its effectiveness. In particular, we study the use of white noise and fake keystrokes as masking sounds and show the latter to be an effective means to cloak such side channel attacks. Finally, we discuss a novel way of masking by virtually inserting the masking signal in remote voice calls without distracting the user.
[1]
Adi Shamir,et al.
RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis
,
2014,
CRYPTO.
[2]
Dan Boneh,et al.
Stronger Password Authentication Using Browser Extensions
,
2005,
USENIX Security Symposium.
[3]
Yunhao Liu,et al.
Context-free Attacks Using Keyboard Acoustic Emanations
,
2014,
CCS.
[4]
Mauro Conti,et al.
Don't Skype & Type!: Acoustic Eavesdropping in Voice-Over-IP
,
2016,
AsiaCCS.
[5]
Charles V. Wright,et al.
Spot Me if You Can: Uncovering Spoken Phrases in Encrypted VoIP Conversations
,
2008,
2008 IEEE Symposium on Security and Privacy (sp 2008).
[6]
Manfred Pinkal,et al.
Acoustic Side-Channel Attacks on Printers
,
2010,
USENIX Security Symposium.
[7]
Nitesh Saxena,et al.
A closer look at keyboard acoustic emanations: random passwords, typing styles and decoding techniques
,
2012,
ASIACCS '12.
[8]
Feng Zhou,et al.
Keyboard acoustic emanations revisited
,
2005,
CCS '05.
[9]
Rakesh Agrawal,et al.
Keyboard acoustic emanations
,
2004,
IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.
[10]
Arie Yeredor,et al.
Dictionary attacks using keyboard acoustic emanations
,
2006,
CCS '06.