Keyboard acoustic emanations revisited
Proceedings of the 12th ACM conference on Computer and communications security
Dictionary attacks using keyboard acoustic emanations
Proceedings of the 13th ACM conference on Computer and communications security
Keyboard acoustic emanations revisited
ACM Transactions on Information and System Security (TISSEC)
The true cost of unusable password policies: password use in the wild
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Encountering stronger password requirements: user attitudes and behaviors
Proceedings of the Sixth Symposium on Usable Privacy and Security
Hi-index | 0.00 |
We take a closer look at keyboard acoustic emanations specifically for the purpose of eavesdropping over random passwords. In this scenario, dictionary and HMM language models are not applicable; the attacker can only utilize the raw acoustic information which has been recorded. We investigate several existing signal processing techniques for our purpose, and introduce a novel technique -- time-frequency decoding -- that improves the detection accuracy compared to previous techniques. We also carefully examine the effect of typing style -- a crucial variable largely ignored by prior research -- on the detection accuracy. Our results show that using the same typing style (hunt and peck) for both training and decoding the data, the best case success rate for detecting correctly the typed key is 64% per character. The results also show that changing the typing style, to touch typing, during the decoding stage reduces the success rate, but using the time-frequency technique, we can still achieve a success rate of around 40% per character. Our work takes the keyboard acoustic attack one step further, bringing it closer to a full-fledged vulnerability under realistic scenarios (different typing styles and random passwords). Our results suggest that while the performance of these attacks degrades under such conditions, it is still possible, utilizing the time-frequency technique, to considerably reduce the exhaustive search complexity of retrieving a random password.