Computing Reviews
Today's Issue Hot Topics Search Browse Recommended My Account Log In
Review Help
Search
Keyboard acoustic side channel attacks: exploring realistic and security-sensitive scenarios
Halevi T., Saxena N. International Journal of Information Security14 (5):443-456,2015.Type:Article
Date Reviewed: Feb 17 2016

Side channel attacks are commonly associated with the observation of physical parameters of electronic systems to obtain useful information to breach system security. Typical parameters that can yield interesting results include timing information, power consumption, and electromagnetic leaks.

Sound emitted by computers and machines can also serve as a useful source of information: intelligence services know this well, as they were able to reconstruct printed text from the acoustic recordings of foreign government teletypewriters 50 years ago [1].

Halevi and Saxena discuss a different kind of eavesdropping, the exploitation of acoustic side channels in computer keyboards, to reconstruct what a human is typing. The feasibility and exploitation of this type of technique have clear security relevance when the text that is being typed is the access password to a computer system.

The study focuses on the eavesdropping of random passwords using raw recorded audio files and the application of a mix of techniques such as signal processing, a novel time-frequency decoding technique, as well as the analysis of the typing style, which was largely ignored by earlier publications.

The threat model is carefully described, detailing assumptions and prerequisites, as is the technical setup, together with various detection techniques. Performance considerations are drawn as a function of different typing styles and of the type of target keyboard, where the acoustic behavior of a standard keyboard is different from a laptop keyboard. Results indicate that success rates of to 64 percent per typed character can be achieved, making acoustic side channel attacks a step closer to a full-fledged vulnerability.

This is an interesting read for security professionals who want to broaden their perspective of unconventional threat scenarios, as well as for researchers and experimenters who will appreciate the theoretical and practical aspects of the challenge.

Security practitioners will be specifically reminded of the fact that the devil is in the detail. There is no point in designing an excellent cryptographic algorithm or secure computer system if the secret that is used to protect access to the information can be acquired with relative ease by attackers just listening to apparently innocuous information.
Reviewer:  Alessandro Berni Review #: CR144172 (1605-0328)
1) Marchetti, V.; Marks, J. The CIA and the cult of intelligence. Knopf, New York, NY, 1974.
Bookmark and Share
  Featured Reviewer  
 
Security, Integrity, And Protection (H.2.0 ... )
 
Would you recommend this review?
yes
no
Other reviews under "Security, Integrity, And Protection": Date
Views for multilevel database security
Denning D., Akl S., Heckman M., Lunt T., Morgenstern M., Neumann P., Schell R. IEEE Transactions on Software Engineering SE-13(2): 129-140, 1987. Type: Article		 Feb 1 1988
Computer security: a comprehensive controls checklist
Wood C., Banks W., Guarro S., Garcia A., Hampel V., Sartorio H., Wiley-Interscience, New York, NY, 1987. Type: Book (9789780471847953)		 Feb 1 1988
Incorporating access control in forms systems
Yeo G. Computers and Security 4(2): 109-122, 1985. Type: Article		 Feb 1 1986
more...
E-Mail This Printer-Friendly
Send Your Comments
Contact Us
Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®
Terms of Use | Privacy Policy