ABSTRACT
Acoustic emanations of computer keyboards represent a serious privacy issue. As demonstrated in prior work, physical properties of keystroke sounds might reveal what a user is typing. However, previous attacks assumed relatively strong adversary models that are not very practical in many real-world settings. Such strong models assume: (i) the adversary's physical proximity to the victim, (ii) precise profiling of the victim's typing style and keyboard, and/or (iii) a significant amount of the victim's typed information (and its corresponding sounds) available to the adversary.
This paper presents and explores a new keyboard acoustic eavesdropping attack that involves Voice-over-IP (VoIP), called Skype & Type (S&T), while avoiding prior strong adversary assumptions. This work is motivated by the simple observation that people often engage in secondary activities (including typing) while participating in VoIP calls. As expected, VoIP software acquires and faithfully transmits all sounds, including emanations of pressed keystrokes, which can include passwords and other sensitive information. We show that one very popular VoIP software (Skype) conveys enough audio information to reconstruct the victim's input, i.e., keystrokes typed on the remote keyboard. Our results demonstrate that, given some knowledge of the victim's typing style and keyboard model, the attacker attains top-5 accuracy of 91.7% in guessing a random key pressed by the victim.
Furthermore, we demonstrate that S&T is robust to various VoIP issues (e.g., Internet bandwidth fluctuations and the presence of voice over keystrokes), thus confirming the feasibility of this attack. Finally, it applies to other popular VoIP software, such as Google Hangouts.
Index Terms
- Don't Skype & Type!: Acoustic Eavesdropping in Voice-Over-IP