Context-free Attacks Using Keyboard Acoustic Emanations

The emanations of electronic and mechanical devices have raised serious privacy concerns. It proves possible for an attacker to recover the keystrokes by acoustic signal emanations. Most existing malicious applications adopt context-based approaches, which assume that the typed texts are potentially correlated. Those approaches often incur a high cost during the context learning stage, and can be limited by randomly typed contents (e.g., passwords). Also, context correlations can increase the risk of successive false recognition. We present a context-free and geometry-based approach to recover keystrokes. Using off-the-shelf smartphones to record acoustic emanations from keystrokes, this design estimates keystrokes' physical positions based on the Time Difference of Arrival (TDoA) method. We conduct extensive experiments and the results show that more than 72.2\% of keystrokes can be successfully recovered.

[1]  Yong Rui,et al.  Time delay estimation in the presence of correlated noise and reverberation , 2004, 2004 IEEE International Conference on Acoustics, Speech, and Signal Processing.

[2]  Richard P. Martin,et al.  Detecting driver phone use leveraging car speakers , 2011, MobiCom.

[3]  Paul C. van Oorschot,et al.  A methodology for empirical analysis of permission-based security models and its application to android , 2010, CCS '10.

[4]  Deborah Estrin,et al.  A self-calibrating distributed acoustic sensing platform , 2006, SenSys '06.

[5]  Andy Hopper,et al.  Broadband ultrasonic location systems for improved indoor positioning , 2006, IEEE Transactions on Mobile Computing.

[6]  Chuan Qin,et al.  Can smartphone sensors enhance kinect experience? , 2012, MobiHoc '12.

[7]  Fikret Sivrikaya,et al.  Time synchronization in sensor networks: a survey , 2004, IEEE Network.

[8]  Rakesh Agrawal,et al.  Keyboard acoustic emanations , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[9]  Yu Luo,et al.  Distributed Microphone Arrays for Digital Home and Office , 2006, 2006 IEEE International Conference on Acoustics Speech and Signal Processing Proceedings.

[10]  Andy Hopper,et al.  The Anatomy of a Context-Aware Application , 1999, Wirel. Networks.

[11]  Feng Zhou,et al.  Keyboard acoustic emanations revisited , 2005, CCS '05.

[12]  Dawn Xiaodong Song,et al.  Timing Analysis of Keystrokes and Timing Attacks on SSH , 2001, USENIX Security Symposium.

[13]  Patrick D. McDaniel,et al.  On lightweight mobile phone application certification , 2009, CCS.

[14]  Tom Martin,et al.  Mobile phones as computing devices: the viruses are coming! , 2004, IEEE Pervasive Computing.

[15]  David Chu,et al.  On the feasibility of real-time phone-to-phone 3D localization , 2011, SenSys.

[16]  Chuan Qin,et al.  TagSense: a smartphone-based approach to automatic image tagging , 2011, MobiSys '11.

[17]  David Chu,et al.  SwordFight: enabling a new class of phone-to-phone action games on commodity phones , 2012, MobiSys '12.

[18]  Romit Roy Choudhury,et al.  Tapprints: your finger taps have fingerprints , 2012, MobiSys '12.

[19]  Miklós Maróti,et al.  Radio interferometric geolocation , 2005, SenSys '05.

[20]  Srihari Nelakuditi,et al.  Your smartphone can watch the road and you: mobile assistant for inattentive drivers , 2012, MobiHoc '12.

[21]  Deborah Estrin,et al.  Proceedings of the 5th Symposium on Operating Systems Design and Implementation Fine-grained Network Time Synchronization Using Reference Broadcasts , 2022 .

[22]  Richard P. Martin,et al.  Sensing vehicle dynamics for determining driver phone use , 2013, MobiSys '13.

[23]  Hong Wang,et al.  Voice source localization for automatic camera pointing system in videoconferencing , 1997, 1997 IEEE International Conference on Acoustics, Speech, and Signal Processing.

[24]  G. Carter,et al.  The generalized correlation method for estimation of time delay , 1976 .

[25]  van EckWim Electromagnetic radiation from video display units: an eavesdropping risk? , 1985 .

[26]  Deborah Estrin,et al.  The design and implementation of a self-calibrating distributed acoustic sensing platform , 2006, SenSys '06.

[27]  Xinyu Zhang,et al.  Autodirective audio capturing through a synchronized smartphone array , 2014, MobiSys.

[28]  Wim van Eck,et al.  Electromagnetic radiation from video display units: An eavesdropping risk? , 1985, Comput. Secur..

[29]  Erik Nordström,et al.  Search-based picture sharing with mobile phones , 2009, MobiHoc '09.

[30]  Guobin Shen,et al.  BeepBeep: A high-accuracy acoustic-based system for ranging and localization using COTS devices , 2012, TECS.

[31]  Manfred Pinkal,et al.  Acoustic Side-Channel Attacks on Printers , 2010, USENIX Security Symposium.

[32]  Patrick Traynor,et al.  (sp)iPhone: decoding vibrations from nearby keyboards using mobile phone accelerometers , 2011, CCS '11.

[33]  Xinyu Zhang,et al.  Ubiquitous keyboard for small mobile devices: harnessing multipath fading for fine-grained keystroke localization , 2014, MobiSys.

[34]  Arie Yeredor,et al.  Dictionary attacks using keyboard acoustic emanations , 2006, CCS '06.