Show simple item record

dc.contributor.authorMaiti, Anindya
dc.contributor.authorArmbruster, Oscar
dc.contributor.authorJadliwala, Murtuza Shabbir
dc.contributor.authorHe, Jibo
dc.identifier.citationMaiti, Anindya; Armbruster, Oscar; Jadliwala, Murtuza Shabbir; He, Jibo. 2016. Smartwatch-based keystroke inference attacks and context-aware protection mechanisms. ASIA CCS '16 Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, pp 795-806en_US
dc.descriptionClick on the DOI link to access the article (may not be free).en_US
dc.description.abstractWearable devices, such as smartwatches, are furnished with state-of-the-art sensors that enable a range of context-aware applications. However, malicious applications can misuse these sensors, if access is left unaudited. In this paper, we demonstrate how applications that have access to motion or inertial sensor data on a modern smartwatch can recover text typed on an external QWERTY keyboard. Due to the distinct nature of the perceptible motion sensor data, earlier research efforts on emanation based keystroke inference attacks are not readily applicable in this scenario. The proposed novel attack framework characterizes wrist movements (captured by the inertial sensors of the smartwatch worn on the wrist) observed during typing, based on the relative physical position of keys and the direction of transition between pairs of keys. Eavesdropped keystroke characteristics are then matched to candidate words in a dictionary. Multiple evaluations show that our keystroke inference framework has an alarmingly high classification accuracy and word recovery rate. With the information recovered from the wrist movements perceptible by a smartwatch, we exemplify the risks associated with unaudited access to seemingly innocuous sensors (e.g., accelerometers and gyroscopes) of wearable devices. As part of our efforts towards preventing such side-channel attacks, we also develop and evaluate a novel context-aware protection framework which can be used to automatically disable (or downgrade) access to motion sensors, whenever typing activity is detected.en_US
dc.publisherAssociation for Computing Machineryen_US
dc.relation.ispartofseriesASIA CCS '16 Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security;
dc.titleSmartwatch-based keystroke inference attacks and context-aware protection mechanismsen_US
dc.typeConference paperen_US
dc.rights.holderCopyright © 2017 ACM, Inc.en_US

Files in this item


There are no files associated with this item.

This item appears in the following Collection(s)

Show simple item record