期刊
IEEE TRANSACTIONS ON MOBILE COMPUTING
卷 20, 期 2, 页码 337-351出版社
IEEE COMPUTER SOC
DOI: 10.1109/TMC.2019.2947468
关键词
Keystroke inference; indirect eavesdropping attack; acoustic signals
资金
- NSFC [61772338]
This paper demonstrates the feasibility and practicality of a side-channel attack using a smartphone to infer keystrokes on a touch screen. It shows the accuracy and potential privacy leakage of keystrokes inference through an indirect eavesdropping attack leveraging audio devices on a smartphone.
This paper demonstrates the feasibility of a side-channel attack to infer keystrokes on touch screen leveraging an off-the-shelf smartphone. Although there exist some studies on keystroke eavesdropping attacks on touch screen, they are mainly direct eavesdropping attacks, i.e., require the device of victims compromised to provide side-channel information for the adversary, which are hardly launched in practical scenarios. In this work, we show the practicability of an indirect eavesdropping attack, KeyListener, which infers keystrokes on QWERTY keyboards of touch screen leveraging audio devices on a smartphone. We investigate the attenuation of acoustic signals, and find that a user's keystroke fingers can be localized through the attenuation of acoustic signals received by the microphones in the smartphone. We then utilize the attenuation of acoustic signals to localize each keystroke, and further analyze errors induced by ambient noises. To improve the accuracy of keystroke localization, KeyListener further tracks finger movements during inputs through phase change and Doppler effect to reduce errors of acoustic signal attenuation-based keystroke localization. In addition, a binary tree-based search approach is employed to infer keystrokes in a context-aware manner. The proposed keystroke eavesdropping attack is robust to various environments without the assistance of additional infrastructures. Extensive experiments demonstrate that the accuracy of keystroke inference in top-5 candidates can approach 90 percent with a top-5 error rate of around 6 percent, which is a strong indication of the possible user privacy leakage of inputs on QWERTY keyboard.
作者
我是这篇论文的作者
点击您的名字以认领此论文并将其添加到您的个人资料中。
推荐
暂无数据