Keystrokes Inference Attack on Android: A Comparative Evaluation of Sensors and Their Fusion
DOI:
https://doi.org/10.5614/itbj.ict.res.appl.2013.7.2.2Abstract
Introducing motion sensors into smartphones contributed to a wide range of applications in human-phone interaction, gaming, and many others. However, built-in sensors that detect subtle motion changes (e.g. accelerometers), might also reveal information about taps on touch screens: the main user input mode. Few researchers have already demonstrated the idea of exploiting motion sensors as side-channels into inferring keystrokes. Taken at most as initial explorations, much research is still needed to analyze the practicality of the new threat and examine various aspects of its implementation. One important aspect affecting directly the attack effectiveness is the selection of the right combination of sensors, to supply inference data. Although other aspects also play crucial role (e.g. the features set), we start in this paper by focusing on the comparison of different available sensors, in terms of the inference accuracy. We consider individual sensors shipped on Android phones, and study few options of preprocessing their raw datasets as well as fusing several sensors' readings. Our results indicate an outstanding performance of the gyroscope, and the potential of sensors data fusion. However, it seems that sensors with magnetometer component or the accelerometer alone have less benefit in the context of the adverted attack.Downloads
References
International Jawsware, Interactive Overlay, available at: http://www.jawsware.mobi/code_OverlayView/ (20 November 2013).
Aviv, A.J., Gibson, K., Mossop, E., Blaze, M. & Smith, J.M., Smudge Attacks on Smartphone Touch Screens, in Proceedings of the 4th USENIX Conference on Offensive technologies, USENIX Association Washington, DC, USA, 9 August 2010, pp. 1-7, 2010.
Schlegel, R., Zhang, K., Zhou, X., Intwala, M., Kapadia, A. &Wang, X., Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones, in Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS), Internet Society, San Diego, California, 6-9 February 2011, pp. 17-33, 2011.
Maggi, F., Volpatto, A., Gasparini, S., Boracchi, G. & Zanero, S., A Fast Eavesdropping Attack Against Touchscreens, in Information Assurance and Security (IAS), 2011 7th International Conference on, Mir Labs, Malacca, Malaysia, 5-8 December 2011, pp. 320-325, 2011.
Lane, N.D., Miluzzo, E., Lu, H., Peebles, D., Choudhury, T. & Campbell, A.T., A Survey of Mobile Phone Sensing, Communications Magazine, IEEE, 48, pp. 140-150, 2010.
Cai, L., Machiraju, S. & Chen, H., Defending Against Sensor-Sniffing Attacks on Mobile Phones, in Proceedings of the 1st ACM workshop on Networking, systems, and applications for mobile handhelds, ACM, Barcelona, Spain, 16-21 August 2009, pp. 31-36, 2009.
Motion Sensors, available at: http://developer.android.com/guide/topics/ sensors/sensors_motion.html (20 November 2013).
Cai, L. & Chen, H., TouchLogger: Inferring Keystrokes on Touch Screen from Smartphone Motion, in Proceedings of the 6th USENIX Conference on Hot Topics in Security, pp. 9-9, 2011.
Owusu, E., Han, J., Das, S., Perrig, A. & Zhang, J., Accessory: Password Inference Using Accelerometers on Smartphones, in Proceedings of the Twelfth Workshop on Mobile Computing Systems & Applications, ACM, San Diego, CA, USA, 28-29 February 2012, p. 9, 2012.
Xu, Z., Bai, K. & Zhu, S., Taplogger: Inferring User Inputs on Smartphone Touchscreens Using On-Board Motion Sensors, in Proceedings of the Fifth ACM Conference on Security and Privacy in Wireless and Mobile Networks, ACM, Tucson, Arizona, USA, 16-18 April 2012, pp. 113-124, 2012.
Cai, L. & Chen, H., On the Practicality of Motion Based Keystroke Inference Attack, in Trust and Trustworthy Computing, ed: Springer, pp. 273-290, 2012.
Miluzzo, E., Varshavsky, A., Balakrishnan, S. & Choudhury, R.R., Tapprints: Your Finger Taps Have Fingerprints, in Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services, ACM, Low Wood Bay, Lake District, United Kingdom, 25-19 June 2012, pp. 323-336, 2012.
Aviv, A.J., Sapp, B., Blaze, M. & Smith, J.M., Practicality of Accelerometer Side Channels on Smartphones, in Proceedings of the 28th Annual Computer Security Applications Conference, ACM, Orlando, FL, USA, 03-07 December 2012, pp. 41-50, 2012.
Al-Haiqi, A., Ismail, M. & Nordin, R., On the Best Sensor for Keystrokes Inference Attack on Android, Procedia Technology, 8, pp. 947-953, 2013.
Hall, M., Frank, E., Holmes, G., Pfahringer, B., Reutemann, P. & Witten, I.H., The WEKA Data Mining Software: An Update, ACM SIGKDD Explorations Newsletter, 11, pp. 10-18, 2009.
Breiman, L., Bagging Predictors, Machine Learning, 24, pp. 123-140, 1996.
Gama, J., Functional Trees, Machine Learning, 55, pp. 219-250, 2004.