When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals Adekemi Adedokun May 2, 2017.

1 When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals
Adekemi Adedokun May 2, 2017

2 Introduction
- Smartphones have become a means of performing personal transactions
  - Banking, social, health, automation and control, and other personal transactions
- A lot of personal information is generated
- Increased attack surface
  - Open wireless communication
  - Eavesdropping
  - Vulnerable to unintended access

3 Eavesdropping
- Intercepting communications between two parties who are unaware that the attacker is present
- Example: keylogging (keyboard eavesdropping)
- Keystroke inference
  - Direct eavesdropping: directly observing the input on the target device from the screen and keyboard
  - Indirect eavesdropping (side-channel attacks): use of side-channel attacks to infer inputs on the target's device
    - Acoustic signal, WiFi signal, EM signal, or the status of motion sensors
    - External signal collector device or compromising the targeted device

4 WiFi-based Keystroke Inference Models
- WiFi devices continuously monitor the variations of the communication channel to obtain Channel State Information (CSI)
- Out-of-band keystroke inference (OKI) model
- In-band keystroke inference (IKI) model
- Keystrokes are inferred from multipath distortions in the signals
- A CSI-based key inference method is launched to recognise sensitive inputs
[Figure: diagrams of the two models; labels: Tx, Rx, COTS WiFi device, COTS WiFi device (Attacker), Target device]

5 Why CSI-based inference method?
- CSI reflects the interference (changes) of several multipath signals
- This is because of the multiple antennas on commodity WiFi devices
- There is an intuition that touching gestures generate a unique pattern in the time series of CSI values while typing a certain key
- This unique pattern is referred to as the CSI waveform
- The CSI waveform can be used to determine when the sensitive input starts
- Touching gestures
  - Oblique touch (when different keys are pressed)
  - Vertical touch (continuously pressing the same key)

6 WindTalker Framework
- The attacker creates a fake hotspot
- The victim device connects to this hotspot
- The attacker eavesdrops on the WiFi traffic to identify sensitive windows
- The CSI is selectively analysed in order to obtain keystroke information

7 Framework Modules
Sensitive Window Recognition Module
- Wireshark is used to capture all packet information
- Metadata of the traffic is used to recognise the sensitive input window
- It builds on a sensitive IP pool for the applications or services of interest
ICMP-Based CSI Acquirement Module
- Acquiring CSI by enforcing ICMP Reply
- Uses ICMP to collect CSI
- It sends high-frequency ICMP echo requests to the victim's smartphone
- The smartphone replies at the same frequency
- Packets are sent at 800 packets per second
- Reducing noise
  - This noise is caused by the interference of finger and body movement
  - A unidirectional is used to decrease the effect of the interference
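The acquisition step above depends on a sustained stream of ICMP echo requests toward one client, which is observable on the client or on a monitoring tap. The following is an added example, not part of the original presentation: a sliding-window rate check over a constructed packet log. The function names, the 100 pps threshold and the 192.0.2.x addresses are assumptions.

```python
from collections import defaultdict, deque

ECHO_REQUEST = 8  # ICMP type of an echo request (type 0 is the reply)


def flag_icmp_probers(packets, threshold_pps=100, window_s=1.0):
    """Flag sources whose echo-request rate exceeds threshold_pps.

    packets: time-ordered (timestamp_s, src_ip, icmp_type) tuples.
    threshold_pps is an assumed tuning value, not taken from the slides.
    Returns {src_ip: peak requests per second seen in any window}.
    """
    recent = defaultdict(deque)   # per-source timestamps inside the window
    peak = defaultdict(int)       # per-source largest window population
    for ts, src, icmp_type in packets:
        if icmp_type != ECHO_REQUEST:
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] >= window_s:   # drop timestamps older than the window
            q.popleft()
        peak[src] = max(peak[src], len(q))
    limit = threshold_pps * window_s
    return {s: n / window_s for s, n in peak.items() if n > limit}


def sample_capture():
    """Constructed capture: one source pinging at 800 pps plus normal traffic."""
    ap = [(i / 800.0, "192.0.2.1", 8) for i in range(1600)]        # 2 s at 800 pps
    replies = [(i / 800.0, "192.0.2.77", 0) for i in range(1600)]  # echo replies
    admin = [(float(i), "192.0.2.50", 8) for i in range(5)]        # one ping per second
    return sorted(ap + replies + admin)


if __name__ == "__main__":
    for src, rate in flag_icmp_probers(sample_capture()).items():
        print(f"{src}: peak {rate:.0f} echo requests/s")
```

Only the 800 pps source is reported; echo replies and the one-per-second pings stay below the threshold.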

8 Framework Modules
Data processing module
- Low-pass filtering
  - This is used to reduce high-frequency noise
  - Butterworth low-pass filter
- Dimension reduction
  - Principal Component Analysis (PCA) is used to reduce the dimension of the data
  - It identifies the strongest representative components influenced by the victim's hand and body movement
  - It removes uncorrelated noisy components
Keystroke inference module
- Keystroke extraction using a burst detection algorithm to determine the start and end time
- Keystroke recognition
  - Dynamic Time Warping (DTW)
  - Keystroke classification using Discrete Wavelet Transform (DWT)
  - Classifier training: recognize keystrokes based on their keystroke waveform shapes
- DTW is a method that calculates an optimal match between two given sequences (e.g. time series) with certain restrictions
  - It calculates the distance between two time series of keystroke waveforms with different lengths
  - It compares the waveforms of different keystrokes
- DWT is used for signal processing and captures both frequency and location information (location in time)
  - It compresses the length of the waveform by extracting the approximate sequence
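The DTW distance described on this slide, as an added example that is not part of the original presentation. It shows why sequences of different lengths can still be compared; the reference shapes, the observed sequence and the function names are constructed for illustration.

```python
def dtw_distance(a, b):
    """Classic dynamic time warping with absolute-difference cost.

    d[i][j] holds the cheapest cumulative cost of aligning a[:i] with b[:j];
    each step may advance in a, in b, or in both, which is what lets the
    two sequences have different lengths.
    """
    inf = float("inf")
    n, m = len(a), len(b)
    d = [[inf] * (m + 1) for _ in range(n + 1)]
    d[0][0] = 0.0
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            cost = abs(a[i - 1] - b[j - 1])
            d[i][j] = cost + min(d[i - 1][j],      # a advances, b repeats
                                 d[i][j - 1],      # b advances, a repeats
                                 d[i - 1][j - 1])  # both advance
    return d[n][m]


def nearest_template(observed, templates):
    """Return the label of the template with the smallest DTW distance."""
    return min(templates, key=lambda label: dtw_distance(observed, templates[label]))


# Constructed reference shapes (5 samples each) and a constructed observation
# that is shape_1 played at half speed (10 samples).
TEMPLATES = {
    "shape_1": [0, 1, 3, 1, 0],
    "shape_2": [0, 2, 0, -2, 0],
}
OBSERVED = [0, 0, 1, 1, 3, 3, 1, 1, 0, 0]

if __name__ == "__main__":
    for label, ref in TEMPLATES.items():
        print(label, dtw_distance(OBSERVED, ref))
    print("nearest:", nearest_template(OBSERVED, TEMPLATES))
```

A point-by-point comparison is undefined here because the lengths differ (10 versus 5); DTW absorbs the time stretch by letting one template sample align with several observed samples.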

9 Result
- Ten users enter 10 randomly generated 6-digit passwords, using 3 loops as the training data set
- A loop sample refers to the CSI waveform for key numbers from 0-9
- The higher the number of keys the inference rate
- A total of 200 sets of passwords, which includes 1200 keys; 852 were recovered

Password inference result (recovery rate)

Phone     1-digit   2-digit   3-digit
Samsung   63%       83%       89%
Xiaomi    79%       88%       95%

10 Summary
- The aim is to measure the impact of hand and finger movement on WiFi signals, leveraging the correlation between CSI and hand motion to recognize the PIN.
- WindTalker uses the in-band keystroke inference (IKI) model for obtaining CSI.
- It is assumed that an attacker can only control a WiFi access point.
- They infer the PIN input on smartphones and also analyse the network based on the CSI to determine when the sensitive input starts.
- This is done by removing high-frequency noise and using Principal Component Analysis (PCA) to reduce the dimension of the data.
- Dependency on particular hardware cards.

11 Issues
- The framework is impracticable in reality
  - The victim's phone needs to be in a stable environment
  - It works only with fixed/controlled gestures
  - It requires a very close distance to the victim
  - It requires user-specific training
  - Retrain dataset for the same victim at a different distance
  - Dependency on particular hardware cards

12 Possible improvements
- Improving CSI collection
- Using powerful antennae and WiFi device

13 Thank you for your time and attention!

