WearSys 2018 Keystroke Inference Using Ambient Light Sensor on Wrist-Wearables: A Feasibility Study Mohd Sabra, Anindya Maiti Murtuza Jadliwala Wichita.

Presentation transcript:

WearSys 2018
Keystroke Inference Using Ambient Light Sensor on Wrist-Wearables: A Feasibility Study
Mohd Sabra, Anindya Maiti, Murtuza Jadliwala
Wichita State University, Wichita, KS, USA
University of Texas San Antonio, San Antonio, TX, USA
Sunday 10th June, 2018. Munich, Germany

Hello everyone, I am very excited to be able to present TITLE at WearSys 2018. I am Mohd Sabra; I just graduated as an undergraduate at Wichita State University and will be a PhD student next fall at UTSA.

Premise
Figure labels: Typing sensitive data; Environmental ambient lights; Ambient Light Sensor on watch; Inferred Keystrokes

Smartwatches are recently becoming a popular trend; in fact, according to the Consumer Technology Association, the sales of smartwatches have been doubling every year for the past 4 years, currently selling 141 million units. The reason why so many people use smartwatches is due to how versatile and useful a smartwatch is. For example, some of the many usages a smartwatch provides are fitness monitoring, health monitoring, and personal assistance. These smartwatches have sensors inside of them to improve the user experience. One of the sensors is an ambient light sensor. The main role of the ambient light sensor is to detect if it is day or night, to increase/decrease screen brightness, and some apps implement features such as night reading. In our paper we had a question we wanted to answer: "Can an adversary use this sensor in an unorthodox way to infer the keystrokes?" If an adversary was able to control and place environmental lights, could the adversary infer the keystrokes while a user is typing with the smartwatch – on, let's say, an ATM keypad?

Smartwatch people wear everywhere
Have an ambient light sensor for day and light, battery saving mode
In the wrong environment could be used to infer the data

Related Work: Keystroke Inference Attacks
Acoustic Emanations: Asonov et al. [1] & Berger et al. [3]. Using sound to detect different keystrokes on a keyboard.
Surface Vibration Emanations: Barisani et al. [2] & Marquardt et al. [14]. Using keyboard vibration that is caught by the phone to detect keystrokes.
Motion Emanations: Wang et al. [20] & Liu et al. [10]. Using motion sensors to detect motions of the hand.

Related Work: Ambient Light Sensor as a Side-Channel
Spreitzer et al. [18]: Smartphone ambient light sensor to detect smartphone keystrokes. Using the smartphone sensor to get smartphone keystrokes.
Holmes et al. [7]: Light emanation from computer screen to determine screen distance from smartwatch. Study of light to get the distance from screen to smartwatch.

Our Contributions
Use of external light sources around the ATM.
Optimization using timing analysis.
Complete attack framework for inferring ATM PIN codes.

Attack Summary
1) Have the target user install a malicious app on the smartwatch.
2) Set up a special light environment around the target (desired ATM).
3) Train a supervised learning-based classifier to infer keystrokes from ambient light data.
4) Collect ambient light data from the target user by means of the malicious app and employ the classifier to infer keystrokes.

Malicious App
Objective: Collect light intensity (lux) values and timestamp data from the smartwatch and covertly transport it to the adversary.
Ways to get the app on the target: Direct Access; Social Engineering; Trojan application masqueraded as a legitimate application.
Ambient light sensor is a zero-permission sensor!

It all starts with having a malicious app in the target smartwatch. Once the app is there,

Background about Light
Lux value: The amount of lumen per square meter.
Distance: The farther the light source is from the ambient light sensor, the lower the lux reading.
Angle: The more perpendicular the sensor is to the light source, the higher the detected lux value.
Orientation: Light sources should be arranged asymmetrically, ideally creating unique lux values for different keys.

Light Settings: 1 vs 2 light sources
1 dimensional: Hard to distinguish between change of sensor location or angle. Blind Spots: Not all angles covered.
2 dimensional: Easier to distinguish between change of sensor location or angle. Blind Spots: Not all angles covered.

The lux reading is 1 dimensional; for example, it can be 100 lux or 200 lux. But it also depends on the distance. Because you only have 1 light source, it is hard to distinguish between a change of angle and a change of distance. Also, the light source will not cover all of the 180 degree rotation the user would do, thus the light source has blind spots, spots where the sensor would not detect the setup environment.

Light Settings: 3+ light sources
3 Light Sources: Blind Spots: No more blind spots.
4+ Light Sources: The change is insignificant (sometimes negative), and the setup is more complex to model.

Training Machine Learning Classifiers
Train classifier:
Data Collection
Feature Extraction: Lux before/after keystroke, average/median/min/max lux
Training Machine Learning Classifiers: SVM, Random Forest, K-NN, Decision Tree, Naïve Bayes

Experimental setup
Training data: Adversary collected 1200 random ATM digit keystrokes
Environment: Training and testing environment are the same
Participants: 14
Smartwatch: Sony Smartwatch 3
ATM Keypad: Wincor Nixdorf EPPv5 (Digit replica using tablet)
Test data: 40 random 4-digit PIN codes

Result Trends: Sequential Duplicate Digits:

Results for Sequential Duplicate Digits
(1-1) (0-0) (3-3) (4-4) etc.
No lux change (with right environment)
100% detection accuracy
27.1% of all 4-digit PINs have at least 1 sequential duplicate
A single duplicate digit PIN such as 1-1-1-1 reduces search space to 10
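The 27.1% and "search space of 10" figures on this slide can be checked by enumerating every 4-digit PIN. The Python below is an added example, not part of the original presentation; it goes slightly beyond the slide by counting how many PINs remain for every adjacent-duplicate pattern, and the sample PINs are constructed.

```python
from collections import Counter
from itertools import product

DIGITS = "0123456789"


def duplicate_pattern(pin):
    """Tuple of booleans: True where a digit equals the one typed just before it."""
    return tuple(a == b for a, b in zip(pin, pin[1:]))


def pattern_census(length=4):
    """Count how many PINs of the given length share each adjacent-duplicate pattern."""
    return Counter(duplicate_pattern(p) for p in product(DIGITS, repeat=length))


def fraction_with_duplicate(length=4):
    """Share of all PINs that contain at least one sequential duplicate."""
    census = pattern_census(length)
    total = sum(census.values())
    with_dup = sum(n for pattern, n in census.items() if any(pattern))
    return with_dup / total


def remaining_candidates(pin):
    """PINs still possible when only the duplicate pattern of `pin` is known."""
    return pattern_census(len(pin))[duplicate_pattern(pin)]


if __name__ == "__main__":
    print(f"{fraction_with_duplicate():.1%} of 4-digit PINs have a sequential duplicate")
    # Constructed sample PINs, one per kind of pattern.
    for pin in ("1111", "1122", "1123", "1234"):
        print(pin, "->", remaining_candidates(pin), "candidates")
```

The pattern with no duplicates still leaves 7290 candidates, which is why the duplicate signal alone is only a partial leak.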

Result Trends:
Sequential Duplicate Digits
Speed is ~constant during typing

Constant Speed
Distances between buttons never change.
Distance = Time * Speed
Proportional Distance = ~ Proportional Time
The target will always end at an "Enter" button.
Backtracking can be used to reduce search space.

Time Analysis
Get Euclidean distance between buttons
Create table dividing every unique distance pairs
Integrate test distance pairs
Get time between consecutive keystrokes
Divide every unique time pair
Starting from Enter button, backtrack PIN
Get possible distance pairs

Attack Summary (diagram labels): Trained Classifiers; Typing; Sequential Duplicates Detection; Timing Analysis; Feature Extraction Module; Apply Classification Techniques; Mark and Remove Duplicates; Raw lux values and Timestamps; Reduce Search Space

1 Keystroke vs. 4-Digit PIN
1 Keystroke max accuracy = 65%
0.65^4 = 17.8% accuracy (best case)
4-digit PIN with reduced search space: 62% accuracy (significant improvement)

Limitations
Smartwatch angle
Interruption during typing
Low ambient light sensor precision: coarse-grained, gives lux in steps of 4.

Conclusion
With suitable light environment, up to 65% accuracy in inferring individual keystrokes.
After reducing search space using timing analysis, up to 62% accuracy in inferring 4-digit ATM PIN codes.
Unregulated ambient light sensor on smartwatches can be exploited as an effective side-channel attack vector.