Anindya Maiti, Murtuza Jadliwala, Jibo He Igor Bilogrevic

Slides:

Advertisements

Similar presentations

Presented by: Tom Staley. About Paper by Emiliano Miluzzo Alexander Varshavsky Suhrid Balakrishnan Romit Roy Choudhury Originally presented at MobiSys2012,

Advertisements

Fabio Massimo Zanzotto and Danilo Croce University of Rome “Tor Vergata” Roma, Italy Reading what Machines ‘Think’

Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks Qi Alfred Chen, Zhiyun Qian†, Z. Morley Mao University of.

Single-stroke Language-Agnostic Keylogging using Stereo-Microphones and Domain Specific Machine Learning Sashank Narain Amirali Sanatinia Guevara.

Accelerometer-based Transportation Mode Detection on Smartphones

1 Application of Metamorphic Testing to Supervised Classifiers Xiaoyuan Xie, Tsong Yueh Chen Swinburne University of Technology Christian Murphy, Gail.

TRADING OFF PREDICTION ACCURACY AND POWER CONSUMPTION FOR CONTEXT- AWARE WEARABLE COMPUTING Presented By: Jeff Khoshgozaran.

Unsupervised Intrusion Detection Using Clustering Approach Muhammet Kabukçu Sefa Kılıç Ferhat Kutlu Teoman Toraman 1/29.

INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.

Ambulation : a tool for monitoring mobility over time using mobile phones Computational Science and Engineering, CSE '09. International Conference.

TEMPLATE DESIGN © Detecting User Activities Using the Accelerometer on Android Smartphones Sauvik Das, Supervisor: Adrian.

TouchLogger: Inferring Keystrokes on Touch Screen from Smartphone Motion Liang Cai and Hao Chen UC Davis.

Keystroke Recognition using WiFi Signals

TapPrints: Your Finger Taps Have Fingerprints Emiliano Miluzzo*, Alex Varshavsky*, Suhrid Balakrishnan*, Romit R. Choudhury + * at&t Labs – Research, USA.

Department of Computer and Electrical Engineering A Study of Time-based Features and Regularity of Manipulation to Improve the Detection of Eating Activity.

Spam Detection Ethan Grefe December 13, 2013.

I can be You: Questioning the use of Keystroke Dynamics as Biometrics —Paper by Tey Chee Meng, Payas Gupta, Debin Gao Presented by: Kai Li Department of.

Network Community Behavior to Infer Human Activities.

Counting How Many Words You Read

Automated Fingertip Detection

Turning a Mobile Device into a Mouse in the Air

I can be You: Questioning the use of Keystroke Dynamics as Biometrics Tey Chee Meng, Payas Gupta, Debin Gao Ke Chen.

Learning Photographic Global Tonal Adjustment with a Database of Input / Output Image Pairs.

A Framework for Detection and Measurement of Phishing Attacks Reporter: Li, Fong Ruei National Taiwan University of Science and Technology 2/25/2016 Slide.

Tom Lovett and Eamonn O’Neill Department of Computer Science University of Bath Bath BA2 7AY UK +44 (0) Social sensing:

 Using Touchloggers To Build User Profiles Through Machine Learning Craig Dezangle.

Unveiling Zeus Automated Classification of Malware Samples Abedelaziz Mohaisen Omar Alrawi Verisign Inc, VA, USA Verisign Labs, VA, USA

Does one size really fit all? Evaluating classifiers in a Bag-of-Visual-Words classification Christian Hentschel, Harald Sack Hasso Plattner Institute.

PRESENTATION CSE 341 MICROPROCESSOR Presented By Nabid Kaisar

Privacy Vulnerability of Published Anonymous Mobility Traces Chris Y. T. Ma, David K. Y. Yau, Nung Kwan Yip (Purdue University) Nageswara S. V. Rao (Oak.

COMPSCI 720 Security for Smart-devices Tracking Mobile Web Users Through Motion Sensors: Attacks and Defenses [1] Harry Jackson hjac660 [1] Das, Anupam,

When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals Warren Yeu When CSI Meets Public Wifi.

When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals Adekemi Adedokun May 2, 2017.

Mobile Activity Recognition

Intelligent Learning Systems Design for Self-Defense Education

Emerging Mobile Threats and Our Defense

Keystroke Biometric Studies with Short Numeric Input on Smartphones

My Tiny Ping-Pong Helper

Using Touchloggers To Build User Profiles Through Machine Learning

Tracking Mobile Web Users Through Motion Sensors: Attacks and Defenses

Comparison of Sensor Analysis for Swimming in Different Positions

How to Phone Home with Someone Else’s Phone

When to engage in interaction – and how

Walking Speed Detection from 5G Prototype System

Vijay Srinivasan Thomas Phan

Mobile Sensor-Based Biometrics Using Common Daily Activities

Chao Xu, Parth H. Pathak, et al. HotMobile’15

Keystroke Biometric Studies with Short Numeric Input on Smartphones

Keystroke Biometric Studies with Short Numeric Input on Smartphones

DAISY Friend or Foe? Your Wearable Devices Reveal Your Personal PIN

Nisha Vinayaga-Sureshkanth† Anindya Maiti†‡ Murtuza Jadliwala†

WearSys 2018 Keystroke Inference Using Ambient Light Sensor on Wrist-Wearables: A Feasibility Study Mohd Sabra, Anindya Maiti Murtuza Jadliwala Wichita.

WISDM Activity Recognition & Biometrics Applications of Classification

Indoor Location Estimation Using Multiple Wireless Technologies

Activity Recognition Classification in Action

Android Topics Sensors Accelerometer and the Coordinate System

AsiaCCS 2016 Smartwatch-Based Keystroke Inference Attacks and Context-Aware Protection Mechanisms Anindya Maiti, Oscar Armbruster, Murtuza Jadliwala, Jibo.

Keystroke Recognition using Wi-Fi Signals

Binghui Wang, Le Zhang, Neil Zhenqiang Gong

Xin Qi, Matthew Keally, Gang Zhou, Yantao Li, Zhen Ren

GANG: Detecting Fraudulent Users in OSNs

Figure 2: Tasks and the corresponding features explored in the study.

Quantitative Research

We can track you if you take the metro

David Berend, Dr. Shivam Bhasin, Dr. Bernhard Jungk

Raveen Wijewickrama Anindya Maiti Murtuza Jadliwala

QoI: Assessing Participation in Threat Information Sharing

Mole: Motion Leaks through Smartwatch Sensors

Using Machine Learning to Analyze Serial Killer Patterns

Keystroke Biometric Studies with Short Numeric Input on Smartphones

Presentation transcript:

Anindya Maiti, Murtuza Jadliwala, Jibo He Igor Bilogrevic (Smart)Watch Your Taps: Side-Channel Keystroke Inference Attacks using Smartwatches Anindya Maiti, Murtuza Jadliwala, Jibo He Igor Bilogrevic December 27, 2018

Problem Statement Is it Possible to Infer What is Being Typed on the Phone Based on Wrist Movements Observable by the Smartwatch? December 27, 2018

Motivations Side-Channel Attacks We can’t turn off access to accelerometer and gyroscope sensors. All applications have access to these two critical sensors by default. Permissions allows control of access to data directly sensed by the sensors, but not to information that can be indirectly inferred from the sensors! sca Side-Channel Attacks December 27, 2018

The Idea Smartphone Smartwatch Capture motion by sampling the accelerometer (collect linear accelerometer samples). December 27, 2018

Further Investigation 1 9 Averages of 30 keystrokes each More activity on Y and Z axis, than X axis. Tap on each number on the keypad produces a characteristically unique motion on the wrist! We used this observation in our attack. December 27, 2018

Attack Setup An attacker installs a malicious application on the victim’s smartwatch through social engineering (e.g. Trojan horse, pretexting, baiting, phishing, etc.) or by gaining physical access to the smartwatch. Installed malicious application is used to remotely gather motion activity from the sensors of the victim’s smartwatch. Actual attack is executed “offline”. Attacker packages the malicious application as a useful application, such as lets say a fitness tracker application. Also keep in mind that operation system makers of the watch can become potential attackers. December 27, 2018

The Attack Detect keystrokes. Extract Features. Train classification models using appropriate supervised- learning algorithms and labeled training data. Simple Linear Regression (SLR) Random Forests (RF) k-Nearest Neighbor (k-NN) Use the trained classification models to infer the target’s key taps. December 27, 2018

Experiments 1/2 12 participants aged between 19-32 years age. A total of 300 keystrokes (30 per numeric key) per participant were collected. 67% used for training, 33% for testing. For comparison with similar previous works using smartphone motion sensors [1][2], we carried out attack using linear accelerometer data from both the smartwatch and smartphone. Owusu, Emmanuel, et al. "Accessory: Password Inference Using Accelerometers on Smartphones." Proceedings of the Twelfth Workshop on Mobile Computing Systems & Applications. ACM, 2012. Miluzzo, Emiliano, et al. "TapPrints: Your Finger Taps Have Fingerprints." Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services. ACM, 2012. December 27, 2018

Experiments 2/2 Samsung Gear Live smartwatch Motorola XT1028 smartphone Linear accelerometer of both the watch and phone sampled at 50 Hz. December 27, 2018

Evaluation One vs. One: Training and test data from same participant. B One vs. One: Training and test data from same participant. One vs. Rest: Test data from one participant, training data from remaining 11 participants. All vs. All: Training and test data combined from all 12 participant. December 27, 2018

However, in typing scenario B attack on both devices were comparable. Results In non holding hand typing smartwatch performed better than smartphone. However, in holding hand typing both were comparable. A B Also, classification accuracy drops with reduction in sampling frequency. In typing scenario A, attack on smartwatch performed better than smartphone. However, in typing scenario B attack on both devices were comparable. December 27, 2018

Conclusion Experimental results validate that smartwatch motion sensors can be employed as effective side-channels to infer private information, such as numeric key taps. The threat of wrist motion based keystroke inference can be amplified due to smartwatches. December 27, 2018

Future Work We further analyze the effect of combining motion data from both smartwatch and smartphone. We are designing an attack framework for another popular typing scenario, where keystrokes events can’t be detected based on motion spikes. Thank You! Questions? December 27, 2018