Presentation is loading. Please wait.

Presentation is loading. Please wait.

Anindya Maiti, Murtuza Jadliwala, Jibo He Igor Bilogrevic

Published byCaren Arnold Modified over 5 years ago

Similar presentations

Presentation on theme: "Anindya Maiti, Murtuza Jadliwala, Jibo He Igor Bilogrevic"— Presentation transcript:

1 Anindya Maiti, Murtuza Jadliwala, Jibo He Igor Bilogrevic
(Smart)Watch Your Taps: Side-Channel Keystroke Inference Attacks using Smartwatches Anindya Maiti, Murtuza Jadliwala, Jibo He Igor Bilogrevic December 27, 2018

2 Problem Statement Is it Possible to Infer What is Being Typed on the Phone Based on Wrist Movements Observable by the Smartwatch? December 27, 2018

3 Motivations Side-Channel Attacks
We can’t turn off access to accelerometer and gyroscope sensors. All applications have access to these two critical sensors by default. Permissions allows control of access to data directly sensed by the sensors, but not to information that can be indirectly inferred from the sensors! sca Side-Channel Attacks December 27, 2018

4 The Idea Smartphone Smartwatch
Capture motion by sampling the accelerometer (collect linear accelerometer samples). December 27, 2018

5 Further Investigation
1 9 Averages of 30 keystrokes each More activity on Y and Z axis, than X axis. Tap on each number on the keypad produces a characteristically unique motion on the wrist! We used this observation in our attack. December 27, 2018

6 Attack Setup An attacker installs a malicious application on the victim’s smartwatch through social engineering (e.g. Trojan horse, pretexting, baiting, phishing, etc.) or by gaining physical access to the smartwatch. Installed malicious application is used to remotely gather motion activity from the sensors of the victim’s smartwatch. Actual attack is executed “offline”. Attacker packages the malicious application as a useful application, such as lets say a fitness tracker application. Also keep in mind that operation system makers of the watch can become potential attackers. December 27, 2018

7 The Attack Detect keystrokes. Extract Features.
Train classification models using appropriate supervised- learning algorithms and labeled training data. Simple Linear Regression (SLR) Random Forests (RF) k-Nearest Neighbor (k-NN) Use the trained classification models to infer the target’s key taps. December 27, 2018

8 Experiments 1/2 12 participants aged between 19-32 years age.
A total of 300 keystrokes (30 per numeric key) per participant were collected. 67% used for training, 33% for testing. For comparison with similar previous works using smartphone motion sensors [1][2], we carried out attack using linear accelerometer data from both the smartwatch and smartphone. Owusu, Emmanuel, et al. "Accessory: Password Inference Using Accelerometers on Smartphones." Proceedings of the Twelfth Workshop on Mobile Computing Systems & Applications. ACM, 2012. Miluzzo, Emiliano, et al. "TapPrints: Your Finger Taps Have Fingerprints." Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services. ACM, 2012. December 27, 2018

9 Experiments 2/2 Samsung Gear Live smartwatch
Motorola XT1028 smartphone Linear accelerometer of both the watch and phone sampled at 50 Hz. December 27, 2018

10 Evaluation One vs. One: Training and test data from same participant.
B One vs. One: Training and test data from same participant. One vs. Rest: Test data from one participant, training data from remaining 11 participants. All vs. All: Training and test data combined from all 12 participant. December 27, 2018

11 However, in typing scenario B attack on both devices were comparable.
Results In non holding hand typing smartwatch performed better than smartphone. However, in holding hand typing both were comparable. A B Also, classification accuracy drops with reduction in sampling frequency. In typing scenario A, attack on smartwatch performed better than smartphone. However, in typing scenario B attack on both devices were comparable. December 27, 2018

12 Conclusion Experimental results validate that smartwatch motion sensors can be employed as effective side-channels to infer private information, such as numeric key taps. The threat of wrist motion based keystroke inference can be amplified due to smartwatches. December 27, 2018

13 Future Work We further analyze the effect of combining motion data from both smartwatch and smartphone. We are designing an attack framework for another popular typing scenario, where keystrokes events can’t be detected based on motion spikes. Thank You! Questions? December 27, 2018

Download ppt "Anindya Maiti, Murtuza Jadliwala, Jibo He Igor Bilogrevic"

Similar presentations

Presented by: Tom Staley. About Paper by Emiliano Miluzzo Alexander Varshavsky Suhrid Balakrishnan Romit Roy Choudhury Originally presented at MobiSys2012,

Presented by: Tom Staley. About Paper by Emiliano Miluzzo Alexander Varshavsky Suhrid Balakrishnan Romit Roy Choudhury Originally presented at MobiSys2012,
Fabio Massimo Zanzotto and Danilo Croce University of Rome “Tor Vergata” Roma, Italy Reading what Machines ‘Think’

Fabio Massimo Zanzotto and Danilo Croce University of Rome “Tor Vergata” Roma, Italy Reading what Machines ‘Think’
Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks Qi Alfred Chen, Zhiyun Qian†, Z. Morley Mao University of.

Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks Qi Alfred Chen, Zhiyun Qian†, Z. Morley Mao University of.
Single-stroke Language-Agnostic Keylogging using Stereo-Microphones and Domain Specific Machine Learning Sashank Narain Amirali Sanatinia Guevara.

Single-stroke Language-Agnostic Keylogging using Stereo-Microphones and Domain Specific Machine Learning Sashank Narain Amirali Sanatinia Guevara.
Accelerometer-based Transportation Mode Detection on Smartphones

Accelerometer-based Transportation Mode Detection on Smartphones
1 Application of Metamorphic Testing to Supervised Classifiers Xiaoyuan Xie, Tsong Yueh Chen Swinburne University of Technology Christian Murphy, Gail.

1 Application of Metamorphic Testing to Supervised Classifiers Xiaoyuan Xie, Tsong Yueh Chen Swinburne University of Technology Christian Murphy, Gail.
TRADING OFF PREDICTION ACCURACY AND POWER CONSUMPTION FOR CONTEXT- AWARE WEARABLE COMPUTING Presented By: Jeff Khoshgozaran.

TRADING OFF PREDICTION ACCURACY AND POWER CONSUMPTION FOR CONTEXT- AWARE WEARABLE COMPUTING Presented By: Jeff Khoshgozaran.
Unsupervised Intrusion Detection Using Clustering Approach Muhammet Kabukçu Sefa Kılıç Ferhat Kutlu Teoman Toraman 1/29.

Unsupervised Intrusion Detection Using Clustering Approach Muhammet Kabukçu Sefa Kılıç Ferhat Kutlu Teoman Toraman 1/29.
INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.

INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.
Ambulation : a tool for monitoring mobility over time using mobile phones Computational Science and Engineering, 2009. CSE '09. International Conference.

Ambulation : a tool for monitoring mobility over time using mobile phones Computational Science and Engineering, CSE '09. International Conference.
TEMPLATE DESIGN © 2008 www.PosterPresentations.com Detecting User Activities Using the Accelerometer on Android Smartphones Sauvik Das, Supervisor: Adrian.

TEMPLATE DESIGN © Detecting User Activities Using the Accelerometer on Android Smartphones Sauvik Das, Supervisor: Adrian.
TouchLogger: Inferring Keystrokes on Touch Screen from Smartphone Motion Liang Cai and Hao Chen UC Davis.

TouchLogger: Inferring Keystrokes on Touch Screen from Smartphone Motion Liang Cai and Hao Chen UC Davis.
Keystroke Recognition using WiFi Signals

Keystroke Recognition using WiFi Signals
TapPrints: Your Finger Taps Have Fingerprints Emiliano Miluzzo*, Alex Varshavsky*, Suhrid Balakrishnan*, Romit R. Choudhury + * at&t Labs – Research, USA.

TapPrints: Your Finger Taps Have Fingerprints Emiliano Miluzzo*, Alex Varshavsky*, Suhrid Balakrishnan*, Romit R. Choudhury + * at&t Labs – Research, USA.
Department of Computer and Electrical Engineering A Study of Time-based Features and Regularity of Manipulation to Improve the Detection of Eating Activity.

Department of Computer and Electrical Engineering A Study of Time-based Features and Regularity of Manipulation to Improve the Detection of Eating Activity.
Spam Email Detection Ethan Grefe December 13, 2013.

Spam Detection Ethan Grefe December 13, 2013.
I can be You: Questioning the use of Keystroke Dynamics as Biometrics —Paper by Tey Chee Meng, Payas Gupta, Debin Gao Presented by: Kai Li Department of.

I can be You: Questioning the use of Keystroke Dynamics as Biometrics —Paper by Tey Chee Meng, Payas Gupta, Debin Gao Presented by: Kai Li Department of.
Network Community Behavior to Infer Human Activities.

Network Community Behavior to Infer Human Activities.
Counting How Many Words You Read

Counting How Many Words You Read
Automated Fingertip Detection

Automated Fingertip Detection

Similar presentations

Ads by Google