Presentation is loading. Please wait.

Presentation is loading. Please wait.

Compromising Electromagnetic Emanations of Wired and Wireless Keyboards Presented By: Justin Rilling Written By: Martin Vuagnoux and Sylvain Pasini.

Published byMadison Ashlee Hood Modified over 9 years ago

Similar presentations

Presentation on theme: "Compromising Electromagnetic Emanations of Wired and Wireless Keyboards Presented By: Justin Rilling Written By: Martin Vuagnoux and Sylvain Pasini."— Presentation transcript:

1 Compromising Electromagnetic Emanations of Wired and Wireless Keyboards Presented By: Justin Rilling Written By: Martin Vuagnoux and Sylvain Pasini

2 Outline - Introduction - Paper Contributions - Experimental Setup - Description of Attacks - Results - Countermeasures - Comments - Questions

3 Introduction - This paper evaluates four types of keyboards (PS/2, USB, laptop, and wireless) - Defines four types of attacks. All the keyboards tested where vulnerable to at least one type of attack (One attack recovered 95% of keystrokes 20m from the keyboard through walls) - Tests electromagnetic vulnerability in different environmental scenarios (Low noise, office, adjacent office, and building)

4 Contribution - Determined the practical feasibility of eavesdropping on keystrokes - Used the “Full Spectrum Acquisition Method” to detect electromagnetic radiation that may be missed by traditional methods

5 Experimental Setup

6 Falling Edge Transition Technique (FETT) 000 1 00 1 00 1 1 Start Bit Scan Code 0x24 = ‘E’ Odd Parity Bit Stop Bit

7 Falling Edge Transition Technique (FETT) - Were able to detect the falling edges of the PS/2 data line - On average, can reduce the keystroke to 2.42 possible keys

8 The Generalized Transition Technique (GTT) - A band-pass (105-165MHz) filter is used to improve the SNR which allows the authors to extract the rising and falling edges of the data line Threshold Line 0 0 0 1 0 0 1 0 0 1 1

9 The Modulation Technique (MT) - They were also able to find frequency and amplitude modulated harmonics at 124MHz that correspond to the data and clock signals - This attack is able to fully recover all keystrokes - These types of electromagnetic waves are interesting because they carry further than those discussed in the previous two attacks

10 The Matrix Scan Technique (MST) Driver Detector … … … w s x e d c q a z

11 The Matrix Scan Technique (MST) - This attack worked on almost every keyboard - On average, could reduce the keystroke to 5.14 possible keys

12 Accuracy GTT - Able to recover all keystrokes correctly MT - Able to recover all keystrokes correctly FETT - Can reduce the keystroke to 2.42 possible keys on average MST - Can reduce the keystroke to 5.14 possible keys on average

13 Effectiveness on Various Types of Keyboards

14 Range of Attack Low Noise ScenarioOffice Scenario

15 Countermeasures - Shield keyboard, cable, motherboard and room - Encrypt bi-directional (PS/2) serial cable - Obfuscate scan matrix loop routine

16 Comments - Very thorough testing - Could improve the explanation of the building test scenario - Would have been interesting if they tested the outlined countermeasures

17 Questions ???

Download ppt "Compromising Electromagnetic Emanations of Wired and Wireless Keyboards Presented By: Justin Rilling Written By: Martin Vuagnoux and Sylvain Pasini."

Similar presentations

ITEC 352 Lecture 34 Communications. Review USB –How did you like the material (1-10) from bad to good –What did you learn? Differences between bus types.

ITEC 352 Lecture 34 Communications. Review USB –How did you like the material (1-10) from bad to good –What did you learn? Differences between bus types.
VSMC MIMO: A Spectral Efficient Scheme for Cooperative Relay in Cognitive Radio Networks 1.

VSMC MIMO: A Spectral Efficient Scheme for Cooperative Relay in Cognitive Radio Networks 1.
GPS Signal Structure Sources: –GPS Satellite Surveying, Leick –Kristine Larson Lecture Notes 4519/asen4519.html.

GPS Signal Structure Sources: –GPS Satellite Surveying, Leick –Kristine Larson Lecture Notes 4519/asen4519.html.
Tempest Emanations Jacklyn Truong University of Tulsa April 16, 2013.

Tempest Emanations Jacklyn Truong University of Tulsa April 16, 2013.
1. INTRODUCTION In order to transmit digital information over * bandpass channels, we have to transfer the information to a carrier wave of.appropriate.

1. INTRODUCTION In order to transmit digital information over * bandpass channels, we have to transfer the information to a carrier wave of.appropriate.
Programmable Interval Timer

Programmable Interval Timer
ECE 6332, Spring, 2014 Wireless Communication Zhu Han Department of Electrical and Computer Engineering Class 13 Mar. 3 rd, 2014.

ECE 6332, Spring, 2014 Wireless Communication Zhu Han Department of Electrical and Computer Engineering Class 13 Mar. 3 rd, 2014.
Direct Attacks on Computational Devices

Direct Attacks on Computational Devices
ANGLE MODULATION AND DEMODULATION

ANGLE MODULATION AND DEMODULATION
EET 2351 Lecture 2 Professor: Dr. Miguel Alonso Jr.

EET 2351 Lecture 2 Professor: Dr. Miguel Alonso Jr.
CHRIS HOVDE, STEVE M. MASSICK and DAVID S. BOMSE

CHRIS HOVDE, STEVE M. MASSICK and DAVID S. BOMSE
Storey: Electrical & Electronic Systems © Pearson Education Limited 2004 OHT 5.1 Signals and Data Transmission  Introduction  Analogue Signals  Digital.

Storey: Electrical & Electronic Systems © Pearson Education Limited 2004 OHT 5.1 Signals and Data Transmission  Introduction  Analogue Signals  Digital.
© 2013 Atmel 1 SAM D21 Peripheral Touch Controller Noise Immunity.

© 2013 Atmel 1 SAM D21 Peripheral Touch Controller Noise Immunity.
1 Remote Power Analysis of RFID Tags Joint work with Adi Shamir yossi.oren[at]weizmann.ac.il 28/Aug/06.

1 Remote Power Analysis of RFID Tags Joint work with Adi Shamir yossi.oren[at]weizmann.ac.il 28/Aug/06.
2-14-2002 Page 1 Return Path Testing Seminar Presented by Sunrise Telecom Broadband … a step ahead.

Page 1 Return Path Testing Seminar Presented by Sunrise Telecom Broadband … a step ahead.
EE 316 Computer Engineering Junior Lab Word Mastermind.

EE 316 Computer Engineering Junior Lab Word Mastermind.
EE 316 Computer Engineering Junior Lab PS/2 Keyboard.

EE 316 Computer Engineering Junior Lab PS/2 Keyboard.
1 COMP541 Keyboard Interface Montek Singh April 9, 2007.

1 COMP541 Keyboard Interface Montek Singh April 9, 2007.
Performance Analysis of linear error correcting codes Group Members Shantharam Iyer Nitish Sinha Anjana Rao Premkumar Iyangar.

Performance Analysis of linear error correcting codes Group Members Shantharam Iyer Nitish Sinha Anjana Rao Premkumar Iyangar.
CMPE 150- Introduction to Computer Networks 1 CMPE 150 Fall 2005 Lecture 7 Introduction to Networks and the Internet.

CMPE 150- Introduction to Computer Networks 1 CMPE 150 Fall 2005 Lecture 7 Introduction to Networks and the Internet.

Similar presentations

Ads by Google