UAB - The University of Alabama at Birmingham

Keystroke Emanations & Side Channel Attacks

Keystroke emanations have been found to leak information through side channels. This information can be exploited via side channel attacks for nefarious purpose. Such attacks fall in the category of side channel attacks that tend to exploit the physical implementation of the deployed security mechanism rather than using brute force or algorithmic weakness inherent in the mechanism.

We have set out to investigate acoustic side channel attacks using keystroke emanations in the context of passwords and other sensitive information (e.g. credit card data, SSN, ATM PIN). We study these attacks in different scenarios that closely resemble real world situations. We also explore remote eavesdropping scenarios where VoIP applications can be exploited to overhear the keystroke emanations that can later be used to extract confidential information.

Figure1: Acoustic eavesdropping attack model for keystroke emanations.

Figure1: Acoustic eavesdropping attack model for keystroke emanations.

We also focus on designing a competent defense system that can help contain the privacy breach due to side channel attacks. For acoustic side channel attack, we are researching signal-masking techniques that can cloak the keystroke emanations making it hard for an attack to exploit the audio leakage due to the emanations. The masking signal is played as a background noise at an appropriate volume for decreasing the signal to noise ratio, making it harder to isolate the keystroke emanations. Such defense measures are also tested for their effectiveness under multiple scenarios and for their usability, as the users should not be distracted from their work while the masking signal is being played.

Figure 2: Defense model involving the use of masking signal to cloak keystroke emanations.

Figure 2: Defense model involving the use of masking signal to cloak keystroke emanations.

People

Faculty

Student

Publication

Media Coverage