Keyboard acoustic side channel attacks: exploring realistic and security-sensitive scenarios

Abstract

This research takes a closer look at keyboard acoustic emanations, specifically for the purpose of eavesdropping on random passwords. In this scenario, dictionary and HMM language models are not applicable; the attacker can only use the raw acoustic information that has been recorded. This work investigates several existing signal processing techniques for this purpose and introduces a novel technique, time–frequency decoding, that improves the detection accuracy compared to previous techniques. It also carefully examines the effect of typing style, a crucial variable largely ignored by prior research, on the detection accuracy. The results show that when the same typing style (hunt and peck) is used for both training and decoding the data, the best-case success rate for correctly detecting the typed key is 64% per character. The results also show that changing the typing style to touch typing during the decoding stage reduces the success rate, but with the time–frequency technique it is still possible to achieve a success rate of around 40% per character. In these realistic scenarios, where the password is random, the approach described here can reduce the entropy of the search space by up to 57% per character. This brings keyboard acoustic attacks one step closer to a full-fledged vulnerability.

Notes

  1. An HMM can still be useful for creating the training data, but not for the actual password guessing/decoding.

  2. Contextual or timing information may be used to determine this. As an example, the first keyboard input a user provides every morning, while logging in to her work computer, would usually be a password.

Acknowledgments

The authors would like to thank Avishai Wool, Yigael Berger, and Doug Tygar for discussions related to prior work on keyboard acoustic emanations. This work was supported in part by the NSF (under Grant No. 0966187). The views and conclusions contained in this document are those of the authors and should not be interpreted as necessarily representing the official policies, either expressed or implied, of any of the sponsors.

Author information

Corresponding author

Correspondence to Tzipora Halevi.

Appendix: Algorithms

[Figures a–c: algorithm listings]

Cite this article

Halevi, T., Saxena, N. Keyboard acoustic side channel attacks: exploring realistic and security-sensitive scenarios. Int. J. Inf. Secur. 14, 443–456 (2015). https://doi.org/10.1007/s10207-014-0264-7

Keywords

  • Keyboard acoustic emanations
  • Random passwords
  • Signal processing