A multi-user system usually involves a large amount of information shared among its users. The security implications of such information should never be underestimated. In this paper, we present a new attack that allows a malicious user to eavesdrop on other users' keystrokes using such information. Our attack takes advantage of the stack information of a process disclosed by its virtual file within procfs, the process file system supported by Linux. We show that on a multi-core system, the ESP of a process when it is making system calls can be effectively sampled by a "shadow" program that continuously reads the public statistical information of the process. Such sampling is shown to be reliable even in the presence of multiple users, when the system is under a realistic workload. From the ESP content, keystroke events can be identified if they trigger system calls. As a result, we can accurately determine inter-keystroke timings and launch a timing attack to infer the characters the victim entered. We developed techniques for automatically analyzing an application's binary executable to extract the ESP pattern that fingerprints a keystroke event. The occurrences of such a pattern are identified from an ESP trace the shadow program records from the application's runtime to calculate timings. These timings are further analyzed using a Hidden Markov Model and other public information related to the victim on a multi-user system. Our experimental study demonstrates that our attack greatly facilitates password cracking and also works very well on recognizing English words.
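A hardening check for the exposure the abstract describes, as an added example that is not code from the paper: it parses `/proc/<pid>/stat` lines and the proc mount entry and reports whether stack and instruction pointers are visible. The field positions (29 `kstkesp`, 30 `kstkeip`) and the `hidepid` mount option are taken from proc(5), not from this page, and the function names are hypothetical.

```python
# Added example (not from the paper): defensive audit of procfs exposure.
# Inputs are text an administrator collected; nothing is read at import time.
KSTKESP, KSTKEIP = 29, 30   # 1-based positions in /proc/<pid>/stat per proc(5)


def parse_stat(line):
    """Split a stat line into fields; comm (field 2) may hold spaces or ')'."""
    lpar, rpar = line.index("("), line.rindex(")")
    return [line[:lpar].strip(), line[lpar + 1:rpar]] + line[rpar + 1:].split()


def register_exposure(line):
    """Report whether a stat line carries non-zero stack/instruction pointers."""
    f = parse_stat(line)
    if len(f) < KSTKEIP:
        raise ValueError("stat line has fewer than %d fields" % KSTKEIP)
    esp, eip = int(f[KSTKESP - 1]), int(f[KSTKEIP - 1])
    return {"pid": int(f[0]), "comm": f[1], "kstkesp": esp, "kstkeip": eip,
            "exposed": bool(esp or eip)}


def proc_hidepid(mounts_text):
    """Return the hidepid value of the /proc mount, or None if it is not set."""
    for entry in mounts_text.splitlines():
        parts = entry.split()
        if len(parts) >= 4 and parts[1] == "/proc" and parts[2] == "proc":
            for opt in parts[3].split(","):
                if opt.startswith("hidepid="):
                    return opt.split("=", 1)[1]
    return None


def audit(stat_lines, mounts_text):
    """Combine both checks into a list of findings for a hardening report."""
    findings = []
    if proc_hidepid(mounts_text) in (None, "0", "off"):
        findings.append("procfs mounted without hidepid: "
                        "other users' stat files are readable")
    for line in stat_lines:
        info = register_exposure(line)
        if info["exposed"]:
            findings.append("pid %d (%s) exposes kstkesp=%#x kstkeip=%#x"
                            % (info["pid"], info["comm"],
                               info["kstkesp"], info["kstkeip"]))
    return findings
```

Feed `audit` the stat lines gathered from an unprivileged test account together with the contents of `/proc/mounts`; an empty result means neither check found the exposure.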