This research takes a closer look at keyboard acoustic emanations specifically for the purpose of eavesdropping over random passwords. In this scenario, dictionary and HMM language models are not applicable; the attacker can only utilize the raw acoustic information which has been recorded. This work investigates several existing signal processing techniques for this purpose and introduces a novel technique—time–frequency decoding—that improves the detection accuracy compared to previous techniques. It also carefully examines the effect of typing style—a crucial variable largely ignored by prior research—on the detection accuracy. The results show that using the same typing style (hunt and peck) for both training and decoding the data, the best case success rate for detecting correctly the typed key is 64 % per character. The results also show that changing the typing style, to touch typing, during the decoding stage reduces the success rate, but using the time–frequency technique, it is still possible to achieve a success rate of around 40 % per character. In these realistic scenarios, where the password is random, the approach described here can reduce the entropy of the search space by up to 57 % per character. This brings keyboard acoustic attack one step closer to a full-fledged vulnerability.
This is a preview of subscription content, log in to check access.
Buy single article
Instant access to the full article PDF.
Price includes VAT for USA
Subscribe to journal
Immediate online access to all issues from 2019. Subscription will auto renew annually.
This is the net price. Taxes to be calculated in checkout.
HMM model can still be useful for creating the training data, but not for the actual password guessing/decoding.
Contextual or timing information may be used to determine this. As an example, the first keyboard input a user may provide every morning, while logging to her work computer, would usually be a password.
“Keyboard Acoustic Emanations Revisited” presentation. http://cs.unc.edu/fabian/courses/CS600.624/slides/emanations
Adams, A., Sasse, M.A.: Users are not the enemy. Commun. ACM 42(12), 40–46 (1999)
Asonov, D., Agrawal, R.: Keyboard acoustic emanations. In: IEEE Symposium on Security and Privacy (2004)
Backes, M., Durmuth, M., Gerling, S., Pinkal, M., Sporleder, C.: Acoustic side-channel attacks on printers. In: Usenix Security Symposium (2010)
Balzarotti, D., Cova, M., Vigna, G.: ClearShot: Eavesdropping on keyboard input from video. In: Proceedings of the 2008 IEEE Symposium on Security and Privacy (2008)
Berger, Y., Wool, A., Yeredor, A.: Dictionary attacks using keyboard acoustic emanations. In: Conference on Computer and Communications Security, SESSION: Attacks and Cryptanalysis, pp. 245–254 (2006)
Briol, R.: Emanation: How to keep your data confidential. In: Symposium on Electromagnetic Security for Information Protection, SEPI (1991)
Fiona, A.H.Y.: Keyboard acoustic triangulation attack. Final Year Project. http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.100.3156&rep=rep1&type=pdf
Genkin, D., Shamir, A., Tromer, E.: RSA key extraction via low-bandwidth acoustic cryptanalysis. In: International Cryptology Conference (CRYPTO) (2014)
Halevi, T., Saxena, N.: On pairing constrained wireless devices based on secrecy of auxiliary channels: the case of acoustic eavesdropping. In: ACM Conference on Computer and Communications Security (2010)
Inglesant, P., Sasse, M.A.: The true cost of unusable password policies: password use in the wild. In: CHI ’10: Proceedings of the 28th International Conference on Human Factors in Computing Systems, pp. 383–392 (2010)
Lachlan, R.: Normalization for Dynamic Time Warping. http://luscinia.sourceforge.net/page26/page14/page14.html
Marquardt, P., Verma, A., Carter, H., Traynor, P.: iPhone: decoding vibrations from nearby keyboards using mobile phone accelerometers. In: 18th ACM Conference on Computer and Communications Security in Chicago, 2011; proceedings, pp. 551–562. doi:10.1145/2046707.2046771 Key: citeulike:9931496
Moore, A.: School of Computer Science, Carnegie Mellon University. Hidden Markov Model. http://www.autonlab.org/tutorials/hmm14
Morris, R., Thompson, K.: Password security: a case history. Commun. ACM 22(11), 594–597 (1979)
Rabiner, L., Juang, B.: Fundamentals of Speech Recognition. Prentice-Hall, Upper Saddle River (1993)
Rabiner, L., Juang, B.H.: Mel-frequency cepstrum coefficients. Prentice-Hall Signal Processing Series (1993). ISBN:0-13-015157-2
Shamir, A., Tromer, E.: Acoustic cryptanalysis: on nosy people and noisy machines. http://people.csail.mit.edu/tromer/acoustic/
Shay, R., Komanduri, S., Patrick, K.G., Leon, P.G., Mazurek, M.L., Bauer, L., Christin, N., Cranor, L.F.: Encountering stronger password requirements: user attitudes and behaviors. In: SOUPS ’10: Proceedings of the Sixth Symposium on Usable Privacy and Security (2010)
Song, D., Wagner, D.,Tian, X.: Timing analysis of keystrokes and timing attacks on ssh. In: Tenth USENIX Security Symposium (2001)
Typing. Wikipedia. http://en.wikipedia.org/wiki/Typing
Veyrat-Charvillon, N., Grard, B., Renauld, M., Standaert, F.-X.: An optimal key enumeration algorithm and its application to side-channel attacks. In: 19th International Conference, Selected Areas in Cryptography (2012)
Wool, A., Berger, Y.: Personal communication on the subject of typing styles used in prior research on keyboard acoustic emanations (2010)
Yan, J., Blackwell, A., Anderson, R., Grant, A.: Password memorability and security: empirical results. IEEE Secur. Priv. 2(5), 25–31 (2004)
Zhuang, L., Zhou, F., Tygar, J.D.: Keyboard acoustic emanations revisited. In: Proceedings of the 12th ACM Conference on Computer and Communications Security, pp. 373–382, November (2005)
Zhuang, L., Zhou, F., Tygar, J.D.: Keyboard acoustic emanations revisited. ACM Trans. Inf. Syst. Secur. (TISSEC) 13(1), 3–26 (October 2009)
The authors would like to thank Avishai Wool, Yigael Berger, and Doug Tygar for discussions related to prior work on keyboard acoustic emanations. This work was supported in part by the NSF (under Grant No. 0966187). The views and conclusions contained in this document are those of the authors and should not be interpreted as necessarily representing the official policies, either expressed or implied, of any of the sponsors.
About this article
Cite this article
Halevi, T., Saxena, N. Keyboard acoustic side channel attacks: exploring realistic and security-sensitive scenarios. Int. J. Inf. Secur. 14, 443–456 (2015). https://doi.org/10.1007/s10207-014-0264-7
- Keyboard acoustic emanations
- Random passwords
- Signal processing