ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Dictionary attacks using keyboard acoustic emanations
Full text PdfPdf (311 KB)
Source Conference on Computer and Communications Security archive
Proceedings of the 13th ACM conference on Computer and communications security table of contents
Alexandria, Virginia, USA
SESSION: Attacks and cryptanalysis table of contents
Pages: 245 - 254  
Year of Publication: 2006
ISBN:1-59593-518-5
Authors
Yigael Berger  Tel Aviv University, Ramat Aviv, Israel
Avishai Wool  Tel Aviv University, Ramat Aviv, Israel
Arie Yeredor  Tel Aviv University, Ramat Aviv, Israel
Sponsors
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 9,   Downloads (12 Months): 104,   Citation Count: 3
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1180405.1180436
What is a DOI?

ABSTRACT

We present a dictionary attack that is based on keyboard acoustic emanations. We combine signal processing and efficient data structures and algorithms, to successfully reconstruct single words of 7-13 characters from a recording of the clicks made when typing them on a keyboard. Our attack does not require any training, and works on an individual recording of the typed word (may be under 5 seconds of sound). The attack is very efficient, taking under 20 seconds per word on a standard PC. We demonstrate a 90% or better success rate of finding the correct word in the top 50 candidates identified by the attack, for words of 10 or more characters, and a success rate of 73% over all the words we tested. We show that the dominant factors affecting the attack's success are the word length, and more importantly, the number of repeated characters within the word. Our attack can be used as an effective acoustic-based password cracker. Our attack can also be used as part of an acoustic long-text reconstruction method, that is much more efficient and requires much less text than previous approaches.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
D. Asonov and R. Agrawal. Keyboard acoustic emanations. In IEEE Symposium on Security and Privacy, pages 3--11, Oakland, CA, 2004.
 
2
K. Atkinson. Scowl - spell checker oriented word lists, 2004. http://wordlist.sourceforge.net/.
 
3
R. Briol. Emanation: How to keep your data confidential. Symposium on Electromagnetic Security For Information Protection, 1991.
 
4
CornCob. The corncob list. http://www.mieliestronk.com/wordlist.html.
 
5
D. Klein. Foiling the cracker: A survey of, and improvements to, password security. In Proc. UNIX Security Workshop II, Aug. 1990.
 
6
M. G. Kuhn. Compromising emanations: Eavesdropping risks of computer displays. Technical Report UCAM-CL-TR-577, University of Cambridge, Computer Laboratory, Dec. 2003.
7
Joe Loughry , David A. Umphress, Information leakage from optical emanations, ACM Transactions on Information and System Security (TISSEC), v.5 n.3, p.262-289, August 2002  [doi>10.1145/545186.545189]
 
8
Yossi Rubner , Carlo Tomasi , Leonidas J. Guibas, The Earth Mover's Distance as a Metric for Image Retrieval, International Journal of Computer Vision, v.40 n.2, p.99-121, Nov. 2000  [doi>10.1023/A:1026543900054]
 
9
Time domain processing: Correlation. http://www.bores.com/courses/intro/time/2_ave.htm.
 
10
M. Slaney. Auditory toolbox, 1998. http://rvl4.ecn.purdue.edu/malcolm/interval/1998-010/.
 
11
Steven W. Smith, The scientist and engineer's guide to digital signal processing, California Technical Publishing, San Diego, CA, 1997
 
12
D. Song, D. Wagner, and X. Tian. Timing analysis of keystrokes and timing attacks on SSH. In 10th USENIX Security Symposium, 2001.
 
13
Tempest 101. http://www.tscm.com/TSCM101tempest.html.
14
Li Zhuang , Feng Zhou , J. D. Tygar, Keyboard acoustic emanations revisited, Proceedings of the 12th ACM conference on Computer and communications security, November 07-11, 2005, Alexandria, VA, USA  [doi>10.1145/1102120.1102169]

CITED BY  3
Zhengyi Le , Yi Ouyang , Yurong Xu , Fillia Makedon, Mobile device protection from loss and capture, Proceedings of the 1st international conference on PErvasive Technologies Related to Assistive Environments, July 16-18, 2008, Athens, Greece
Manu Kumar , Tal Garfinkel , Dan Boneh , Terry Winograd, Reducing shoulder-surfing by using gaze-based password entry, Proceedings of the 3rd symposium on Usable privacy and security, July 18-20, 2007, Pittsburgh, Pennsylvania
Zhengyi Le , Matt Bishop , Fillia Makedon, Strong mobile device protection from loss and capture, Proceedings of the 2nd International Conference on PErvsive Technologies Related to Assistive Environments, p.1-7, June 09-13, 2009, Corfu, Greece

INDEX TERMS

Primary Classification:
  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)
          Subjects: Authentication

Additional Classification:
  H. Information Systems
  H.5 INFORMATION INTERFACES AND PRESENTATION (I.7)
      H.5.5 Sound and Music Computing
          Subjects: Signal analysis, synthesis, and processing


General Terms:
Algorithms, Security


Keywords:
dictionary attacks, keyboard acoustics, password cracking

Collaborative Colleagues:
Yigael Berger: colleagues
Avishai Wool: colleagues
Arie Yeredor: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player