Abstract
Keyboard acoustic side channel attacks have been shown to utilize the audio leakage from typing on the keyboard to infer the typed words up to a certain degree of accuracy. Researchers have continued to improve upon the accuracy of such attacks by employing different techniques and attack vectors such as feature extraction and classification, keyboard geometry and triangulation.
While research is still ongoing towards further improving acoustic side channel attacks, much work has been lacking in building a working defense mechanism against such class of attacks. In this paper, we set out to propose a practical defense mechanism against keyboard acoustic attacks specifically on password typing and test its performance against several attack vectors. Our defense involves the use of various background sounds to mask the audio leakage from the keyboard thereby preventing the side channel attacks from gaining usable information about the typed password. The background sounds are generated by the device that is used to input the passwords. We also evaluate the usability of our approach and show that the addition of background sounds does not hamper users’ capability to input passwords.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
A similar concept is used in a vibrational side channel attack that measures the surface vibrations using accelerometers when the key is pressed.
References
Adams, A., Sasse, M.A.: Users are not the enemy. Commun. ACM 42, 12 (1999)
Asonov, D., Agrawal, R.: Keyboard acoustic emanations. In: IEEE Symposium on Security and Privacy (2004)
Backes, M., Dürmuth, M., Gerling, S., Pinkal, M., Sporleder, C.: Acoustic side-channel attacks on printers. In: USENIX Security Symposium (2005)
Berger, Y., Wool, A., Yeredor, A.: Dictionary attacks using keyboard acoustic emanations. In: ACM Conference on Computer and Communications Security (2006)
Brooke, J.: Sus - a quick and dirty usability scale. In: Jordan, P., Thomas, B., Weerdmeester, B., McClelland, I.L. (eds.) Usability Evaluation in Industry. Taylor and Francis, London (1996)
Fiona, A.: Keyboard acoustic triangulation attack (2006). http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.100.3156&rep=rep.1&type=pdf. (Final Year Project)
Genkin, D., Shamir, A., Tromer, E.: RSA key extraction via low-bandwidth acoustic cryptanalysis. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 444–461. Springer, Heidelberg (2014). doi:10.1007/978-3-662-44371-2_25
Halevi, T., Saxena, N.: A closer look at keyboard acoustic emanations: random passwords, typing styles and decoding techniques. In: ACM Symposium on Information, Computer and Communications Security (2012)
Lewis, J.R., Sauro, J.: The factor structure of the system usability scale. In: Kurosu, M. (ed.) HCD 2009. LNCS, vol. 5619, pp. 94–103. Springer, Heidelberg (2009). doi:10.1007/978-3-642-02806-9_12
Marquardt, P., Verma, A., Carter, H., Traynor, P.: (sp)iphone: decoding vibrations from nearby keyboards using mobile phone accelerometers. In: ACM Conference on Computer and Communications Security (2011)
Morris, R., Thompson, K.: Password security: a case history. Commun. ACM 22, 11 (1979)
Ross, B., Jackson, C., Miyake, N., Boneh, D., Mitchell, J.C.: Stronger password authentication using browser extensions. In: USENIX Security Symposium (2005)
Song, D., Wagner, D., Tian, X.: Timing analysis of keystrokes and timing attacks on ssh. In: USENIX Security Symposium (2001)
Yan, J., Blackwell, A., Anderson, R., Grant, A.: Password memorability and security: empirical results. IEEE Secur. Priv. 2, 5 (2004)
Zhu, T., Ma, Q., Zhang, S., Liu, Y.: Context-free attacks using keyboard acoustic emanations. In: ACM SIGSAC Conference on Computer and Communications Security, pp. 453–464 (2014)
Zhuang, L., Zhou, F., Tygar, J.D.: Keyboard acoustic emanations revisited. ACM Trans. Inf. Syst. Secur. 13, 1 (2009)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendix
Appendix
Audio for combined signal (x axis represents the time and y axis represents the normalized amplitude of the signal)
Spectrogram for combined signal
Rights and permissions
Copyright information
© 2017 International Financial Cryptography Association
About this paper
Cite this paper
Anand, S.A., Saxena, N. (2017). A Sound for a Sound: Mitigating Acoustic Side Channel Attacks on Password Keystrokes with Active Sounds. In: Grossklags, J., Preneel, B. (eds) Financial Cryptography and Data Security. FC 2016. Lecture Notes in Computer Science(), vol 9603. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-54970-4_21
Download citation
DOI: https://doi.org/10.1007/978-3-662-54970-4_21
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-54969-8
Online ISBN: 978-3-662-54970-4
eBook Packages: Computer ScienceComputer Science (R0)