research-article

A closer look at keyboard acoustic emanations: random passwords, typing styles and decoding techniques

Authors:

T. Halevi,

N. SaxenaAuthors Info & Claims

ASIACCS '12: Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security

Pages 89 - 90

https://doi.org/10.1145/2414456.2414509

Published: 02 May 2012 Publication History

Get Access

Abstract

We take a closer look at keyboard acoustic emanations specifically for the purpose of eavesdropping over random passwords. In this scenario, dictionary and HMM language models are not applicable; the attacker can only utilize the raw acoustic information which has been recorded. We investigate several existing signal processing techniques for our purpose, and introduce a novel technique -- time-frequency decoding -- that improves the detection accuracy compared to previous techniques. We also carefully examine the effect of typing style -- a crucial variable largely ignored by prior research -- on the detection accuracy. Our results show that using the same typing style (hunt and peck) for both training and decoding the data, the best case success rate for detecting correctly the typed key is 64% per character. The results also show that changing the typing style, to touch typing, during the decoding stage reduces the success rate, but using the time-frequency technique, we can still achieve a success rate of around 40% per character.

Our work takes the keyboard acoustic attack one step further, bringing it closer to a full-fledged vulnerability under realistic scenarios (different typing styles and random passwords). Our results suggest that while the performance of these attacks degrades under such conditions, it is still possible, utilizing the time-frequency technique, to considerably reduce the exhaustive search complexity of retrieving a random password.

References

[1]

D. Asonov and R. Agrawal. Keyboard acoustic emanations. In IEEE Symposium on Security and Privacy, 2004.

Crossref

Google Scholar

[2]

Y. Berger, A. Wool and A. Yeredor, Dictionary Attacks Using Keyboard Acoustic Emanations. In Conference on Computer and Communications Security, SESSION: Attacks and cryptanalysis, Pages: 245--254, 2006.

Digital Library

Google Scholar

[3]

P. Inglesant and M. A. Sasse. The true cost of unusable password policies: password use in the wild. In CHI '10: Proceedings of the 28th international conference on Human factors in computing systems, pages 383--392, 2010.

Digital Library

Google Scholar

[4]

A. Moore, School of Computer Science, Carnegie Mellon University. Hidden Markov Model. http://www.autonlab.org/tutorials/hmm14.pdf.

Google Scholar

[5]

"Keyboard Acoustic Emanations Revisited" presentation. http://cs.unc.edu/~fabian/courses/CS600.624/slides/emanations.pdf.

Google Scholar

[6]

Typing. Wikipedia, available at http://en.wikipedia.org/wiki/Typing.

Google Scholar

[7]

R. Shay, S. Komanduri, K. G. Patrick, P. G. Leon, M. L. Mazurek, L. Bauer, N. Christin and L. F. Cranor. Encountering stronger password requirements: user attitudes and behaviors In SOUPS '10: Proceedings of the Sixth Symposium on Usable Privacy and Security, 2010.

Digital Library

Google Scholar

[8]

A. Wool and Y. Berger. Personal communication on the subject of typing styles used in prior research on keyboard acoustic emanations. April, 2010.

Google Scholar

[9]

L. Zhuang, F. Zhou, J. D. Tygar, Keyboard Acoustic Emanations Revisited. In Proceedings of the 12th ACM Conference on Computer and Communications Security, November 2005, pp. 373--382.

Digital Library

Google Scholar

[10]

L. Zhuang, F. Zhou, J. D. Tygar, Keyboard Acoustic Emanations Revisited. In ACM Transactions on Information and System Security (TISSEC), October 2009, Volume 13 Issue 1, pp. 3--26.

Digital Library

Google Scholar

Cited By

View all

Ozkan AKilic BAcarturk C(2024)Keystroke Transcription from Acoustic Emanations Using Continuous Wavelet TransformMachine Learning for Cyber Security10.1007/978-981-97-2458-1_1(1-16)Online publication date: 23-Apr-2024
https://doi.org/10.1007/978-981-97-2458-1_1
Harrison JToreini EMehrnezhad M(2023)A Practical Deep Learning-Based Acoustic Side Channel Attack on Keyboards2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)10.1109/EuroSPW59978.2023.00034(270-280)Online publication date: Jul-2023
https://doi.org/10.1109/EuroSPW59978.2023.00034
Manimaran SSastry VGopalan N(2022)BPLMSBT: Blockchain-Based Permission List for Mitigating the Sensor-Based Threats on SmartphonesIEEE Sensors Journal10.1109/JSEN.2022.316789322:11(11075-11087)Online publication date: 1-Jun-2022
https://doi.org/10.1109/JSEN.2022.3167893
Show More Cited By

Index Terms

A closer look at keyboard acoustic emanations: random passwords, typing styles and decoding techniques

Recommendations

I Know Your Keyboard Input: A Robust Keystroke Eavesdropper Based-on Acoustic Signals
MM '21: Proceedings of the 29th ACM International Conference on Multimedia

Recently, smart devices equipped with microphones have become increasingly popular in people's lives. However, when users type on a keyboard near devices with microphones, the acoustic signals generated by different keystrokes may leak the user's ...
Context-free Attacks Using Keyboard Acoustic Emanations
CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

The emanations of electronic and mechanical devices have raised serious privacy concerns. It proves possible for an attacker to recover the keystrokes by acoustic signal emanations. Most existing malicious applications adopt context-based approaches, ...
Keyboard Emanations in Remote Voice Calls: Password Leakage and Noise(less) Masking Defenses
CODASPY '18: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy

Keyboard acoustic side channel attacks to date have been mostly studied in the context of an adversary eavesdropping on keystrokes by placing a listening device near the intended victim creating a local eavesdropping scenario. However, being in close ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

ASIACCS '12: Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security

May 2012

119 pages

ISBN:9781450316484

DOI:10.1145/2414456

General Chairs:
Heung Youl Youm
SoonChunHyang University, Korea
,
Yoojae Won
Kisa, Korea

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 May 2012

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ASIA CCS '12

Sponsor:

SIGSAC

ASIA CCS '12: 7th ACM Symposium on Information, Compuer and Communications Security

May 2 - 4, 2012

Seoul, Korea

Acceptance Rates

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

27
Total Citations
View Citations
417
Total Downloads

Downloads (Last 12 months)27
Downloads (Last 6 weeks)3

Reflects downloads up to 25 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Ozkan AKilic BAcarturk C(2024)Keystroke Transcription from Acoustic Emanations Using Continuous Wavelet TransformMachine Learning for Cyber Security10.1007/978-981-97-2458-1_1(1-16)Online publication date: 23-Apr-2024
https://doi.org/10.1007/978-981-97-2458-1_1
Harrison JToreini EMehrnezhad M(2023)A Practical Deep Learning-Based Acoustic Side Channel Attack on Keyboards2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)10.1109/EuroSPW59978.2023.00034(270-280)Online publication date: Jul-2023
https://doi.org/10.1109/EuroSPW59978.2023.00034
Manimaran SSastry VGopalan N(2022)BPLMSBT: Blockchain-Based Permission List for Mitigating the Sensor-Based Threats on SmartphonesIEEE Sensors Journal10.1109/JSEN.2022.316789322:11(11075-11087)Online publication date: 1-Jun-2022
https://doi.org/10.1109/JSEN.2022.3167893
Manimaran SSastry VGopalan N(2022)SBTDDLComputers and Security10.1016/j.cose.2022.102729118:COnline publication date: 1-Jul-2022
https://dl.acm.org/doi/10.1016/j.cose.2022.102729
Manimaran SSastry VGopalan N(2022)STMAD: sensor-based threat’s mitigation on smartphones using allowlist and denylistThe Journal of Supercomputing10.1007/s11227-022-04523-278:14(16336-16363)Online publication date: 4-May-2022
https://doi.org/10.1007/s11227-022-04523-2
Balagani KCardaioli MCecconello SConti MTsudik G(2022)We Can Hear Your PIN Drop: An Acoustic Side-Channel Attack on ATM PIN PadsComputer Security – ESORICS 202210.1007/978-3-031-17140-6_31(633-652)Online publication date: 25-Sep-2022
https://doi.org/10.1007/978-3-031-17140-6_31
Yu ZKaplan ZYan QZhang N(2021)Security and Privacy in the Emerging Cyber-Physical World: A SurveyIEEE Communications Surveys & Tutorials10.1109/COMST.2021.308145023:3(1879-1919)Online publication date: Nov-2022
https://doi.org/10.1109/COMST.2021.3081450
Sikder APetracca GAksu HJaeger TUluagac A(2021)A Survey on Sensor-Based Threats and Attacks to Smart Devices and ApplicationsIEEE Communications Surveys & Tutorials10.1109/COMST.2021.306450723:2(1125-1159)Online publication date: Oct-2022
https://doi.org/10.1109/COMST.2021.3064507
Sikder AAksu HUluagac A(2020)A Context-Aware Framework for Detecting Sensor-Based Threats on Smart DevicesIEEE Transactions on Mobile Computing10.1109/TMC.2019.289325319:2(245-261)Online publication date: 1-Feb-2020
https://doi.org/10.1109/TMC.2019.2893253
Cardaioli MConti MBalagani KGasti P(2020)Your PIN Sounds Good! Augmentation of PIN Guessing Strategies via Audio LeakageComputer Security – ESORICS 202010.1007/978-3-030-58951-6_35(720-735)Online publication date: 12-Sep-2020
https://doi.org/10.1007/978-3-030-58951-6_35
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

I Know Your Keyboard Input: A Robust Keystroke Eavesdropper Based-on Acoustic Signals

Context-free Attacks Using Keyboard Acoustic Emanations

Keyboard Emanations in Remote Voice Calls: Password Leakage and Noise(less) Masking Defenses