research-article

Public Access

No Training Hurdles: Fast Training-Agnostic Attacks to Infer Your Typing

Authors:

Shangqing Zhao,

Haojin ZhuAuthors Info & Claims

CCS '18: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security

Pages 1747 - 1760

https://doi.org/10.1145/3243734.3243755

Published: 15 October 2018 Publication History

Abstract

Traditional methods to eavesdrop keystrokes leverage some malware installed in a target computer to record the keystrokes for an adversary. Existing research work has identified a new class of attacks that can eavesdrop the keystrokes in a non-invasive way without infecting the target computer to install a malware. The common idea is that pressing a key of a keyboard can cause a unique and subtle environmental change, which can be captured and analyzed by the eavesdropper to learn the keystrokes. For these attacks, however, a training phase must be accomplished to establish the relationship between an observed environmental change and the action of pressing a specific key. This significantly limits the impact and practicality of these attacks. In this paper, we discover that it is possible to design keystroke eavesdropping attacks without requiring the training phase. We create this attack based on the channel state information extracted from wireless signal. To eavesdrop keystrokes, we establish a mapping between typing each letter and its respective environmental change by exploiting the correlation among observed changes and known structures of dictionary words. We implement this attack on software-defined radio platforms and conduct a suite of experiments to validate the impact of this attack. We point out that this paper does not propose to use wireless signal for inferring keystrokes, since such work already exists. Instead, the main goal of this paper is to propose new techniques to remove the training process, which can make existing work unpractical.

Supplementary Material

MP4 File (p1747-fang.mp4)

Download
417.54 MB

References

[1]

Fadel Adib, Chen-Yu Hsu, Hongzi Mao, Dina Katabi, and Frédo Durand. 2015. Capturing the Human Figure Through a Wall. ACM Trans. Graph. Vol. 34, 6, Article 219 (Oct. 2015), 13 pages.

Digital Library

[2]

Fadel Adib and Dina Katabi. 2013. See Through Walls with WiFi!. In Proceedings of the 2013 ACM Conference on SIGCOMM (SIGCOMM '13). ACM, Hong Kong, China, 75--86.

Digital Library

[3]

Kamran Ali, Alex X. Liu, Wei Wang, and Muhammad Shahzad. 2015. Keystroke Recognition Using WiFi Signals. In Proceedings of the 21st Annual International Conference on Mobile Computing and Networking (MobiCom '15). ACM, Paris, France, 90--102.

Digital Library

[4]

Dmitri Asonov and Rakesh Agrawal. 2004. Keyboard acoustic emanations. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE Computer Society, 3--11.

[5]

Davide Balzarotti, Marco Cova, and Giovanni Vigna. 2008. ClearShot: Eavesdropping on Keyboard Input from Video Proceedings of the IEEE Symposium on Security and Privacy. IEEE Computer Society, 170--183.

Digital Library

[6]

Yigael Berger, Avishai Wool, and Arie Yeredor. 2006. Dictionary Attacks Using Keyboard Acoustic Emanations Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS '06). ACM, Alexandria, Virginia, USA, 245--254.

Digital Library

[7]

Liang Cai and Hao Chen. 2011. TouchLogger: Inferring Keystrokes on Touch Screen from Smartphone Motion Proceedings of the 6th USENIX Conference on Hot Topics in Security (HotSec'11). USENIX Association, San Francisco, CA.

Digital Library

[8]

Bo Chen, Vivek Yenamandra, and Kannan Srinivasan. 2015. Tracking Keystrokes Using Wireless Signals. In Proceedings of the 13th Annual International Conference on Mobile Systems, Applications, and Services (MobiSys '15). ACM, Florence, Italy, 31--44.

Digital Library

[9]

Alberto Compagno, Mauro Conti, Daniele Lain, and Gene Tsudik. 2017. Don'T Skype & Type!: Acoustic Eavesdropping in Voice-Over-IP Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security (ASIA CCS '17). ACM, Abu Dhabi, United Arab Emirates, 703--715.

Digital Library

[10]

Mark Davies. 2017. Word frequency data from the Corpus of Contemporary American English (COCA). http://www.wordfrequency.info/free.asp.

[11]

Matt Ettus. 2005. USRP user's and developer's guide. Ettus Research LLC.

[12]

Andrea Goldsmith. 2005. Wireless Communications. Cambridge University Press, New York, NY, USA.

[13]

Jonathan Katz and Yehuda Lindell. 2007. Introduction to Modern Cryptography (Chapman & Hall/Crc Cryptography and Network Security Series). Chapman & Hall/CRC.

Digital Library

[14]

Swarun Kumar, Ezzeldin Hamed, Dina Katabi, and Li Erran Li. 2014. LTE Radio Analytics Made Easy and Accessible. In Proceedings of the 2014 ACM Conference on SIGCOMM (SIGCOMM '14). ACM, Chicago, Illinois, USA, 211--222.

Digital Library

[15]

Mengyuan Li, Yan Meng, Junyi Liu, Haojin Zhu, Xiaohui Liang, Yao Liu, and Na Ruan. 2016. When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals. In Proceedings of the 23Nd ACM SIGSAC Conference on Computer and Communications Security (CCS '16). ACM, Vienna, Austria, 1068--1079.

Digital Library

[16]

Jian Liu, Yan Wang, Gorkem Kar, Yingying Chen, Jie Yang, and Marco Gruteser. 2015 a. Snooping Keystrokes with Mm-level Audio Ranging on a Single Phone Proceedings of the 21st Annual International Conference on Mobile Computing and Networking (MobiCom '15). ACM, Paris, France, 142--154.

Digital Library

[17]

Xiangyu Liu, Zhe Zhou, Wenrui Diao, Zhou Li, and Kehuan Zhang. 2015 b. When Good Becomes Evil: Keystroke Inference with Smartwatch Proceedings of the 22Nd ACM SIGSAC Conference on Computer and Communications Security (CCS '15). ACM, Denver, Colorado, USA, 1273--1285.

Digital Library

[18]

Philip Marquardt, Arunabh Verma, Henry Carter, and Patrick Traynor. 2011. (Sp)iPhone: Decoding Vibrations from Nearby Keyboards Using Mobile Phone Accelerometers. In Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS '11). ACM, Chicago, Illinois, USA, 551--562.

Digital Library

[19]

Joshua Mason, Kathryn Watkins, Jason Eisner, and Adam Stubblefield. 2006. A Natural Language Approach to Automated Cryptanalysis of Two-time Pads Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS '06). ACM, Alexandria, Virginia, USA, 235--244.

Digital Library

[20]

IEEE Subcommittee on Subjective Measurements. 1969. IEEE Recommended Practice for Speech Quality Measurements. IEEE Transactions on Audio and Electroacoustics Vol. 17, 3 (Sep. 1969), 227--246.

[21]

Alan V. Oppenheim, Alan S. Willsky, and S. Hamid Nawab. 1996. Signals & Systems (2Nd Ed.). Prentice-Hall, Inc., Upper Saddle River, NJ, USA.

Digital Library

[22]

Angela Orebaugh. 2006. An Instant Messaging Intrusion Detection System Framework: Using character frequency analysis for authorship identification and validation Proceedings 40th Annual 2006 International Carnahan Conference on Security Technology. 160--172.

[23]

Emmanuel Owusu, Jun Han, Sauvik Das, Adrian Perrig, and Joy Zhang. 2012. ACCessory: Password Inference Using Accelerometers on Smartphones Proceedings of the Twelfth Workshop on Mobile Computing Systems and Applications (HotMobile '12). ACM, San Diego, California, Article 9, 6 pages.

Digital Library

[24]

Qifan Pu, Sidhant Gupta, Shyamnath Gollakota, and Shwetak Patel. 2013. Whole-home Gesture Recognition Using Wireless Signals Proceedings of the 19th Annual International Conference on Mobile Computing and Networking (MobiCom '13). ACM, New York, NY, USA, 27--38.

Digital Library

[25]

Thomas Ristenpart, Eran Tromer, Hovav Shacham, and Stefan Savage. 2009. Hey, You, Get off of My Cloud: Exploring Information Leakage in Third-party Compute Clouds. In Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS '09). ACM, Chicago, Illinois, USA, 199--212.

Digital Library

[26]

Stan Salvador and Philip Chan. 2007. Toward Accurate Dynamic Time Warping in Linear Time and Space. Intell. Data Anal. Vol. 11, 5 (Oct. 2007), 561--580.

Digital Library

[27]

Jonathon Shlens. 2014. A Tutorial on Principal Component Analysis. CoRR Vol. abs/1404.1100 (2014). http://arxiv.org/abs/1404.1100

[28]

Diksha Shukla, Rajesh Kumar, Abdul Serwadda, and Vir V. Phoha. 2014. Beware, Your Hands Reveal Your Secrets!. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (CCS '14). ACM, Scottsdale, Arizona, USA, 904--917.

Digital Library

[29]

Dawn Xiaodong Song, David Wagner, and Xuqing Tian. 2001. Timing Analysis of Keystrokes and Timing Attacks on SSH Proceedings of the 10th Conference on USENIX Security Symposium - Volume 10 (SSYM'01). USENIX Association, Washington, D.C., Article 25.

Digital Library

[30]

Jingchao Sun, Xiaocong Jin, Yimin Chen, Jinxue Zhang, Rui Zhang, and Yanchao Zhang. 2016. VISIBLE: Video-Assisted Keystroke Inference from Tablet Backside Motion Proceedings of the 23th Annual Network and Distributed System Security Conference (NDSS '16). The Internet Society, San Diego, California, USA.

[31]

Guanhua Wang, Yongpan Zou, Zimu Zhou, Kaishun Wu, and Lionel M. Ni. 2014 b. We Can Hear You with Wi-Fi!. In Proceedings of the 20th Annual International Conference on Mobile Computing and Networking (MobiCom '14). ACM, Maui, Hawaii, USA, 593--604.

Digital Library

[32]

He Wang, Ted Tsung-Te Lai, and Romit Roy Choudhury. 2015. MoLe: Motion Leaks Through Smartwatch Sensors. In Proceedings of the 21st Annual International Conference on Mobile Computing and Networking (MobiCom '15). ACM, Paris, France, 155--166.

Digital Library

[33]

Jue Wang and Dina Katabi. 2013. Dude, Where's My Card?: RFID Positioning That Works with Multipath and Non-line of Sight. In Proceedings of the ACM SIGCOMM 2013 Conference on SIGCOMM (SIGCOMM '13). ACM, Hong Kong, China, 51--62.

Digital Library

[34]

Junjue Wang, Kaichen Zhao, Xinyu Zhang, and Chunyi Peng. 2014 a. Ubiquitous Keyboard for Small Mobile Devices: Harnessing Multipath Fading for Fine-grained Keystroke Localization. In Proceedings of the 12th Annual International Conference on Mobile Systems, Applications, and Services (MobiSys '14). ACM, Bretton Woods, New Hampshire, USA, 14--27.

Digital Library

[35]

Qinggang Yue, Zhen Ling, Xinwen Fu, Benyuan Liu, Kui Ren, and Wei Zhao. 2014. Blind Recognition of Touched Keys on Mobile Devices Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (CCS '14). ACM, Scottsdale, Arizona, USA, 1403--1414.

Digital Library

[36]

Qinggang Yue, Zhen Ling, Wei Yu, Benyuan Liu, and Xinwen Fu. 2015. Blind Recognition of Text Input on Mobile Devices via Natural Language Processing Proceedings of the 2015 Workshop on Privacy-Aware Mobile Computing (PAMCO '15). ACM, Hangzhou, China, 19--24.

Digital Library

[37]

Kehuan Zhang and Xiaofeng Wang. 2009. Peeping Tom in the Neighborhood: Keystroke Eavesdropping on Multi-User Systems. In Proceedings of the 18th Conference on USENIX Security Symposium (SSYM'09). USENIX Association, Montreal, Canada, 17--32.

Digital Library

[38]

Tong Zhu, Qiang Ma, Shanfeng Zhang, and Yunhao Liu. 2014. Context-free Attacks Using Keyboard Acoustic Emanations Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (CCS '14). ACM, Scottsdale, Arizona, USA, 453--464.

Digital Library

[39]

Li Zhuang, Feng Zhou, and J. D. Tygar. 2005. Keyboard Acoustic Emanations Revisited. In Proceedings of the 12th ACM Conference on Computer and Communications Security (CCS '05). ACM, Alexandria, VA, USA, 373--382.

Digital Library

Cited By

Chen SJiang HHu JZheng TWang MXiao ZLiu DLuo J(2025)Echoes of Fingertip: Unveiling POS Terminal Passwords Through Wi-Fi Beamforming FeedbackIEEE Transactions on Mobile Computing10.1109/TMC.2024.346556424:2(662-676)Online publication date: Feb-2025
https://doi.org/10.1109/TMC.2024.3465564
Luo JCao HJiang HYang YChen Z(2024)MIMOCrypt: Multi-User Privacy-Preserving Wi-Fi Sensing via MIMO Encryption2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00025(2812-2830)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00025
Hu JJiang HChen SZhang QXiao ZLiu DLiu JLi B(2024)WiShield: Privacy Against Wi-Fi Human TrackingIEEE Journal on Selected Areas in Communications10.1109/JSAC.2024.341459742:10(2970-2984)Online publication date: Oct-2024
https://doi.org/10.1109/JSAC.2024.3414597
Show More Cited By

Index Terms

No Training Hurdles: Fast Training-Agnostic Attacks to Infer Your Typing
1. Security and privacy
  1. Network security
    1. Mobile and wireless security

Recommendations

Keystroke statistical learning model for web authentication
ASIACCS '07: Proceedings of the 2nd ACM symposium on Information, computer and communications security

Keystroke typing characteristics is considered as one of the important biometric features that can be used to protect users against malicious attacks. In this paper we propose a statistical model for web authentication with keystroke typing ...
Keystroke pressure-based typing biometrics authentication system using support vector machines
ICCSA'07: Proceedings of the 2007 international conference on Computational science and Its applications - Volume Part II

Security of an information system depends to a large extent on its ability to authenticate legitimate users as well as to withstand attacks of various kinds. Confidence in its ability to provide adequate authentication is, however, waning. This is ...
Typing Patterns: A Key to User Identification

The deficiencies of traditional password-based access systems have become more acute as these systems have grown in size and scope. Researchers are actively investigating ways to improve the security of password systems or offer replacements. One ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '18: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security

October 2018

2359 pages

ISBN:9781450356930

DOI:10.1145/3243734

General Chairs:
David Lie
University of Toronto
,
Mohammad Mannan
Concordia University
,
Program Chairs:
Michael Backes
CISPA Helmholtz Center i.G.
,
XiaoFeng Wang
Indiana University

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 15 October 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Conference

CCS '18

Sponsor:

SIGSAC

CCS '18: 2018 ACM SIGSAC Conference on Computer and Communications Security

October 15 - 19, 2018

Toronto, Canada

Acceptance Rates

CCS '18 Paper Acceptance Rate 134 of 809 submissions, 17%;

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

27
Total Citations
View Citations
1,011
Total Downloads

Downloads (Last 12 months)163
Downloads (Last 6 weeks)28

Reflects downloads up to 07 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Chen SJiang HHu JZheng TWang MXiao ZLiu DLuo J(2025)Echoes of Fingertip: Unveiling POS Terminal Passwords Through Wi-Fi Beamforming FeedbackIEEE Transactions on Mobile Computing10.1109/TMC.2024.346556424:2(662-676)Online publication date: Feb-2025
https://doi.org/10.1109/TMC.2024.3465564
Luo JCao HJiang HYang YChen Z(2024)MIMOCrypt: Multi-User Privacy-Preserving Wi-Fi Sensing via MIMO Encryption2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00025(2812-2830)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00025
Hu JJiang HChen SZhang QXiao ZLiu DLiu JLi B(2024)WiShield: Privacy Against Wi-Fi Human TrackingIEEE Journal on Selected Areas in Communications10.1109/JSAC.2024.341459742:10(2970-2984)Online publication date: Oct-2024
https://doi.org/10.1109/JSAC.2024.3414597
Chen SJiang HHu JXiao ZLiu D(2024)Silent Thief: Password Eavesdropping Leveraging Wi-Fi Beamforming Feedback from POS TerminalIEEE INFOCOM 2024 - IEEE Conference on Computer Communications10.1109/INFOCOM52122.2024.10621321(321-330)Online publication date: 20-May-2024
https://doi.org/10.1109/INFOCOM52122.2024.10621321
He QYang EFang S(2024)A Survey on Human Profile Information Inference via Wireless SignalsIEEE Communications Surveys & Tutorials10.1109/COMST.2024.337339726:4(2577-2610)Online publication date: Dec-2025
https://doi.org/10.1109/COMST.2024.3373397
Rachakonda LSiddula MSathya V(2024)A comprehensive study on IoT privacy and security challenges with focus on spectrum sharing in Next-Generation networks (5G/6G/beyond)High-Confidence Computing10.1016/j.hcc.2024.1002204:2(100220)Online publication date: Jun-2024
https://doi.org/10.1016/j.hcc.2024.100220
Taheritajar AHarris ZRahaeimehr R(2024)A Survey on Acoustic Side Channel Attacks on KeyboardsInformation and Communications Security10.1007/978-981-97-8798-2_6(99-121)Online publication date: 25-Dec-2024
https://doi.org/10.1007/978-981-97-8798-2_6
Ren YWang YTan SChen YYang JCalandrino JTroncoso C(2023)Person re-identification in 3D spaceProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620529(5217-5234)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620529
Tu YShan LHossen MRampazzi SButler KHei XCalandrino JTroncoso C(2023)Auditory eyesightProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620248(175-192)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620248
Zhao YZhao YLi SHan HXie L(2023)UltraSnoop: Placement-agnostic Keystroke Snooping via Smartphone-based Ultrasonic SonarACM Transactions on Internet of Things10.1145/36144404:4(1-24)Online publication date: 22-Nov-2023
https://dl.acm.org/doi/10.1145/3614440
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Figures

Tables

Media

View Table of Conten