Skip to main content
SpringerLink
Log in

On the Practicality of Motion Based Keystroke Inference Attack

  • Conference paper
Trust and Trustworthy Computing (Trust 2012)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7344))

Included in the following conference series:

Abstract

Recent researches have shown that motion sensors may be used as a side channel to infer keystrokes on the touchscreen of smartphones. However, the practicality of this attack is unclear. For example, does this attack work on different devices, screen dimensions, keyboard layouts, or keyboard types? Does this attack depend on specific users or is it user independent? To answer these questions, we conducted a user study where 21 participants typed a total of 47,814 keystrokes on four different mobile devices in six settings. Our results show that this attack remains effective even though the accuracy is affected by user habits, device dimension, screen orientation, and keyboard layout. On a number-only keyboard, after the attacker tries 81 4-digit PINs, the probability that she has guessed the correct PIN is 65%, which improves the accuracy rate of random guessing by 81 times. Our study also indicates that inference based on the gyroscope is more accurate than that based on the accelerometer. We evaluated two classification techniques in our prototype and found that they are similarly effective.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Keystroke logging wiki page, http://en.wikipedia.org/wiki/Keystroke_logging

  2. Asonov, D., Agrawal, R.: Keyboard acoustic emanations. In: Proceedings of IEEE Symposium on Security and Privacy, pp. 3–11 (May 2004)

    Google Scholar 

  3. Aylward, R., Lovell, S.D., Paradiso, J.A.: A compact, wireless, wearable sensor network for interactive dance ensembles. In: International Workshop on Wearable and Implantable Body Sensor Networks, BSN 2006, pages 4, p. 70 (April 2006)

    Google Scholar 

  4. Cai, L., Chen, H.: Touchlogger: inferring keystrokes on touch screen from smartphone motion. In: Proceedings of the 6th USENIX Conference on Hot Topics in Security, HotSec 2011, p. 9 (2011)

    Google Scholar 

  5. Cai, L., Machiraju, S., Chen, H.: Defending against sensor-sniffing attacks on mobile phones. In: Proceedings of the 1st ACM Workshop on Networking, Systems, and Applications for Mobile Handhelds, MobiHeld 2009, pp. 31–36 (2009)

    Google Scholar 

  6. Choe, B., Min, J.-K., Cho, S.-B.: Online Gesture Recognition for User Interface on Accelerometer Built-in Mobile Phones. In: Wong, K.W., Mendis, B.S.U., Bouzerdoum, A. (eds.) ICONIP 2010, Part II. LNCS, vol. 6444, pp. 650–657. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  7. Chong, M.K., Marsden, G., Gellersen, H.: Gesturepin: using discrete gestures for associating mobile devices. In: Proceedings of the 12th International Conference on Human Computer Interaction with Mobile Devices and Services, MobileHCI 2010, pp. 261–264 (2010)

    Google Scholar 

  8. Kune, D.F., Kim, Y.: Timing attacks on pin input devices. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, pp. 678–680 (2010)

    Google Scholar 

  9. Madzarov, D.G.G., Chorbev, I.: A multiclass svm classifier utilizing binary decision tree. In: Informatica33, pp. 233–241 (2009)

    Google Scholar 

  10. Hancke, G.P.: Gesture recognition as ubiquitous input for mobile phones (2008)

    Google Scholar 

  11. Lester, J., Hannaford, B., Borriello, G.: “Are You with Me?” - Using Accelerometers to Determine If Two Devices Are Carried by the Same Person. In: Ferscha, A., Mattern, F. (eds.) PERVASIVE 2004. LNCS, vol. 3001, pp. 33–50. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  12. Liu, J., Wang, Z., Zhong, L., Wickramasuriya, J., Vasudevan, V.: uwave: Accelerometer-based personalized gesture recognition and its applications. Pervasive and Mobile Computing 5, 1–9 (2009)

    Article  MATH  Google Scholar 

  13. Mayrhofer, R., Gellersen, H.-W.: Shake Well Before Use: Authentication Based on Accelerometer Data. In: LaMarca, A., Langheinrich, M., Truong, K.N. (eds.) Pervasive 2007. LNCS, vol. 4480, pp. 144–161. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  14. Min, C.-H., Tewfik, A.H.: Automatic characterization and detection of behavioral patterns using linear predictive coding of accelerometer sensor data. In: Proceedings of the International Conference of IEEE Engineering in Medicine and Biology Society, vol. 2010, pp. 220–223 (2010)

    Google Scholar 

  15. Nasiri, S., Sachs, D., Maia, M.: Selection and integration of mems-based motion processing in consumer apps (July 2009), http://invensense.com/mems/gyro/documents/whitepapers/Selection-and-integration-of-MEMS-based-motion-processing-in-consumer-apps-070809-EE-Times.pdf

  16. Niu, Y., Chen, H.: Gesture authentication with touch input for mobile devices. In: 3rd International Conference on Security and Privacy in Mobile Information and Communication Systems, MobiSec 2011 (May 2011)

    Google Scholar 

  17. Owusu, E., Han, J., Das, S., Perrig, A., Zhang, J.: Accessory: password inference using accelerometers on smartphones. In: Proceedings of the Twelfth Workshop on Mobile Computing Systems and Applications, HotMobile 2012, pp. 9:1–9:6. ACM, New York (2012)

    Google Scholar 

  18. Pham, C., Plötz, T., Olivier, P.: A Dynamic Time Warping Approach to Real-Time Activity Recognition for Food Preparation. In: de Ruyter, B., Wichert, R., Keyson, D.V., Markopoulos, P., Streitz, N., Divitini, M., Georgantas, N., Mana Gomez, A. (eds.) AmI 2010. LNCS, vol. 6439, pp. 21–30. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  19. Popescu, A., Block, S.: DeviceOrientation event specification, editor’s draft 9 (February 2011), http://dev.w3.org/geo/api/spec-source-orientation.html

  20. Song, D.X., Wagner, D., Tian, X.: Timing analysis of keystrokes and timing attacks on ssh. In: Proceedings of the 10th conference on USENIX Security Symposium, vol. 10, p. 25 (2001)

    Google Scholar 

  21. Vuagnoux, M., Pasini, S.: Compromising electromagnetic emanations of wired and wireless keyboards. In: Proceedings of the 18th Conference on USENIX Security Symposium, SSYM 2009, pp. 1–16 (2009)

    Google Scholar 

  22. Wu, J., Pan, G., Zhang, D., Qi, G., Li, S.: Gesture Recognition with a 3-D Accelerometer. In: Zhang, D., Portmann, M., Tan, A.-H., Indulska, J. (eds.) UIC 2009. LNCS, vol. 5585, pp. 25–38. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  23. Xu, N., Zhang, F., Luo, Y., Jia, W., Xuan, D., Teng, J.: Stealthy video capturer: a new video-based spyware in 3G smartphones. In: Proceedings of the Second ACM Conference on Wireless Network Security, WiSec 2009, pp. 69–78 (2009)

    Google Scholar 

  24. Zhang, K., Zhou, X., Intwala, M., Kapadia, A., Wang, X.: Soundcomber: A stealthy and context-aware sound trojan for smartphones. In: Proceedings of the 18th Annual Networkand Distributed System Security Symposium, NDSS 2011 (2011)

    Google Scholar 

  25. Zhuang, L., Zhou, F., Tygar, J.D.: Keyboard acoustic emanations revisited. ACM Transactions on Information and System Security 13, 3:1–3:26 (2009)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of California, Davis, USA

    Liang Cai & Hao Chen

Authors
  1. Liang Cai
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hao Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science, Technical University Darmstadt, Hochschulstrasse 10, 64289, Darmstadt, Germany

    Stefan Katzenbeisser  & Melanie Volkamer  & 

  2. Institute of Software Technology and Interactive Systems, Vienna University of Technology and SBA Research, Favoritenstrsse 9-11, 1040, Vienna, Austria

    Edgar Weippl

  3. School of Informatics, Indiana University, 901 East Tenth Street, 47405, Bloomington, IN, USA

    L. Jean Camp

  4. Department of Computer Science, University of North Carolina at Chapel Hill, 201 S. Columbia Street UNH-CH, 27599-3175, Chapel Hill, NC, USA

    Mike Reiter

  5. Huawei America R&D, 2330 Central Expressway, 95050, Santa Clara, CA, USA

    Xinwen Zhang

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Cai, L., Chen, H. (2012). On the Practicality of Motion Based Keystroke Inference Attack. In: Katzenbeisser, S., Weippl, E., Camp, L.J., Volkamer, M., Reiter, M., Zhang, X. (eds) Trust and Trustworthy Computing. Trust 2012. Lecture Notes in Computer Science, vol 7344. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30921-2_16

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-30921-2_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-30920-5

  • Online ISBN: 978-3-642-30921-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation