Smartwatch-based keystroke inference attacks and context-aware protection mechanisms

No Thumbnail Available
Authors
Maiti, Anindya
Armbruster, Oscar
Jadliwala, Murtuza Shabbir
He, Jibo
Issue Date
2016
Type
Conference paper
Language
en_US
Keywords
Smartwatch , Keystroke , Sensor , Wearable , Privacy
Research Projects
Organizational Units
Journal Issue
Alternative Title
Abstract

Wearable devices, such as smartwatches, are furnished with state-of-the-art sensors that enable a range of context-aware applications. However, malicious applications can misuse these sensors, if access is left unaudited. In this paper, we demonstrate how applications that have access to motion or inertial sensor data on a modern smartwatch can recover text typed on an external QWERTY keyboard. Due to the distinct nature of the perceptible motion sensor data, earlier research efforts on emanation based keystroke inference attacks are not readily applicable in this scenario. The proposed novel attack framework characterizes wrist movements (captured by the inertial sensors of the smartwatch worn on the wrist) observed during typing, based on the relative physical position of keys and the direction of transition between pairs of keys. Eavesdropped keystroke characteristics are then matched to candidate words in a dictionary. Multiple evaluations show that our keystroke inference framework has an alarmingly high classification accuracy and word recovery rate. With the information recovered from the wrist movements perceptible by a smartwatch, we exemplify the risks associated with unaudited access to seemingly innocuous sensors (e.g., accelerometers and gyroscopes) of wearable devices. As part of our efforts towards preventing such side-channel attacks, we also develop and evaluate a novel context-aware protection framework which can be used to automatically disable (or downgrade) access to motion sensors, whenever typing activity is detected.

Description
Click on the DOI link to access the article (may not be free).
Citation
Maiti, Anindya; Armbruster, Oscar; Jadliwala, Murtuza Shabbir; He, Jibo. 2016. Smartwatch-based keystroke inference attacks and context-aware protection mechanisms. ASIA CCS '16 Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, pp 795-806
Publisher
Association for Computing Machinery
License
Journal
Volume
Issue
PubMed ID
DOI
ISSN
EISSN