A Survey on Acoustic Side Channel Attacks on Keyboards
Most electronic devices utilize mechanical keyboards to receive inputs,
including sensitive information such as authentication credentials, personal
and private data, emails, plans, etc. However, these systems are susceptible to
acoustic side-channel attacks. Researchers have successfully developed methods
that can extract typed keystrokes from ambient noise. As the prevalence of
keyboard-based input systems continues to expand across various computing
platforms, and with the improvement of microphone technology, the potential
vulnerability to acoustic side-channel attacks also increases. This survey
paper thoroughly reviews existing research, explaining why such attacks are
feasible, the applicable threat models, and the methodologies employed to
launch and enhance these attacks.
Comment: 22 pages, conferenc
SoK: Acoustic Side Channels
We provide a state-of-the-art analysis of acoustic side channels, cover all
the significant academic research in the area, discuss their security
implications and countermeasures, and identify areas for future research. We
also make an attempt to bridge side channels and inverse problems, two fields
that appear to be completely isolated from each other but have deep
connections.
Comment: 16 page
Don’t Interrupt Me While I Type: Inferring Text Entered Through Gesture Typing on Android Keyboards
We present a new side-channel attack against soft keyboards that support gesture typing on Android smartphones. An application without any special permissions can observe the number and timing of the screen hardware interrupts and system-wide software interrupts generated during user input, and analyze this information to make inferences about the text being entered by the user. System-wide information is usually considered less sensitive than app-specific information, but we provide concrete evidence that this may be mistaken. Our attack applies to all Android versions, including Android M where the SELinux policy is tightened.
We present a novel application of a recurrent neural network as our classifier to infer text. We evaluate our attack against the “Google Keyboard” on Nexus 5 phones and use a real-world chat corpus in all our experiments. Our evaluation considers two scenarios. First, we demonstrate that we can correctly detect a set of pre-defined “sentences of interest” (with at least 6 words) with 70% recall and 60% precision. Second, we identify the authors of a set of anonymous messages posted on a messaging board. We find that even if the messages contain the same number of words, we correctly re-identify the author more than 97% of the time for a set of up to 35 sentences.
Our study demonstrates a new way in which system-wide resources can be a threat to user privacy. We investigate the effect of rate limiting as a countermeasure but find that determining a proper rate is error-prone and fails in subtle cases. We conclude that real-time interrupt information should be made inaccessible, perhaps via a tighter SELinux policy in the next Android version.
This work was partially supported by the Samsung Electronics Research Institute (SERI), Thales, and the Carnegie Trust for the Universities of Scotland.
Spoofing Against Spoofing: Towards Caller ID Verification In Heterogeneous Telecommunication Systems
Caller ID spoofing is a global industry problem and often acts as a critical
enabler for telephone fraud. To address this problem, the Federal
Communications Commission (FCC) has mandated telecom providers in the US to
implement STIR/SHAKEN, an industry-driven solution based on digital signatures.
STIR/SHAKEN relies on a public key infrastructure (PKI) to manage digital
certificates, but scaling up this PKI for the global telecom industry is
extremely difficult, if not impossible. Furthermore, it only works with
IP-based systems (e.g., SIP), leaving the traditional non-IP systems (e.g.,
SS7) unprotected. So far the alternatives to the STIR/SHAKEN have not been
sufficiently studied. In this paper, we propose a PKI-free solution, called
Caller ID Verification (CIV). CIV authenticates the caller ID based on a
challenge-response process instead of digital signatures, hence requiring no
PKI. It supports both IP and non-IP systems. Perhaps counter-intuitively, we
show that number spoofing can be leveraged, in conjunction with Dual-Tone
Multi-Frequency (DTMF), to efficiently implement the challenge-response
process, i.e., using spoofing to fight against spoofing. We implement CIV for
VoIP, cellular, and landline phones across heterogeneous networks (SS7/SIP) by
only updating the software on the user's phone. This is the first caller ID
authentication solution with working prototypes for all three types of
telephone systems in the current telecom architecture. Finally, we show how the
implementation of CIV can be optimized by integrating it into telecom clouds as
a service, which users may subscribe to.
Comment: 25 pages, 12 figures, 2 table
Recent Advances in Wireless Communications and Networks
This book focuses on the current hottest issues from the lowest layers to the upper layers of wireless communication networks and provides "real-time" research progress on these issues. The authors have made every effort to systematically organize the information on these topics to make it easily accessible to readers of any level. This book also maintains the balance between current research results and their theoretical support. In this book, a variety of novel techniques in wireless communications and networks are investigated. The authors attempt to present these topics in detail. Insightful and reader-friendly descriptions are presented to nourish readers of any level, from practicing and knowledgeable communication engineers to beginning or professional researchers. All interested readers can easily find noteworthy materials in much greater detail than in previous publications and in the references cited in these chapters.
On traffic analysis in anonymous communication networks
In this dissertation, we address issues related to traffic analysis attacks and the engineering
of anonymous communication networks.
Mixes have been used in many anonymous communication systems and are supposed
to provide countermeasures that can defeat various traffic analysis attacks. In
this dissertation, we first focus on a particular class of traffic analysis attack, flow
correlation attacks, by which an adversary attempts to analyze the network traffic
and correlate the traffic of a flow over an input link at a mix with that over an output
link of the same mix. Two classes of correlation methods are considered, namely
time-domain methods and frequency-domain methods. We find that a mix with any
known batching strategy may fail against flow correlation attacks in the sense that,
for a given flow over an input link, the adversary can correctly determine which output
link is used by the same flow. We theoretically analyze the effectiveness of a mix
network under flow correlation attacks.
We extend the flow correlation attack to perform flow separation: the flow separation
attack separates flow aggregates into either smaller aggregates or individual flows. We
apply blind source separation techniques from statistical signal processing to separate
the traffic in a mix network. Our experiments show that this attack is effective and
scalable. By combining flow separation with the frequency spectrum matching method,
a passive attacker can obtain the traffic map of the mix network. We use a non-trivial network to show that the combined attack works.
The second part of the dissertation focuses on engineering anonymous communication
networks. Measures for anonymity in systems must be on one hand simple and
concise, and on the other hand reflect the realities of real systems. We propose a new
measure for the anonymity degree, which takes into account possible heterogeneity.
We model the effectiveness of single mixes or of mix networks in terms of information
leakage and measure it in terms of covert channel capacity. The relationship between
the anonymity degree and information leakage is described, and an example is shown
New authentication applications in the protection of caller ID and banknote
In the era of computers and the Internet, where almost everything is interconnected, authentication plays a crucial role in safeguarding online and offline data. As authentication systems face continuous testing from advanced attacking techniques and tools, the need for evolving authentication technology becomes imperative. In this thesis, we study attacks on authentication systems and propose countermeasures. Considering various nominated techniques, the thesis is divided into two parts.
The first part introduces caller ID verification (CIV) protocol to address caller ID spoofing in telecommunication systems. This kind of attack usually follows fraud, which not only inflicts financial losses on victims but also reduces public trust in the telephone system. We propose CIV to authenticate the caller ID based on a challenge-response process. We show that spoofing can be leveraged, in conjunction with dual tone multi-frequency (DTMF), to efficiently implement the challenge-response process, i.e., using spoofing to fight against spoofing. We conduct extensive experiments showing that our solution can work reliably across the legacy and new telephony systems, including landline, cellular and Internet protocol (IP) network, without the cooperation of telecom providers.
In the second part, we present polymer substrate fingerprinting (PSF) as a method to combat counterfeiting of banknotes in the financial area. Our technique is built on the observation that the opacity coating leaves uneven thickness in the polymer substrate, resulting in random translucent patterns when a polymer banknote is back-lit by a light source. With extensive experiments, we show that our method can reliably authenticate banknotes and is robust against rough daily handling of banknotes. Furthermore, we show that the extracted fingerprints are extremely scalable to identify every polymer note circulated globally. Our method ensures that even when counterfeiters have procured the same printing equipment and ink as used by a legitimate government, counterfeiting banknotes remains infeasible.