CS 380S - Great Papers in Computer Security

CS 380S - Great Papers in Computer Security

CS 380S 0x1A Great Papers in Computer Security Vitaly Shmatikov http://www.cs.utexas.edu/~shmat/courses/cs380s/ L. Zhuang, F. Zhou, D. Tygar Keyboard Acoustic Emanations Revisited (CCS 2005) Acoustic Information in Typing Different keystrokes make different sounds Different locations on the supporting plate Each key is slightly different Frequency information in the sound of the typed key can be used to learn which key it is Observed by Asonov and Agrawal (2004) slide 3

Key Observation Build acoustic model for keyboard and typist Exploit the fact that typed text is nonrandom (for example, English) Limited number of words Limited letter sequences (spelling) Limited word sequences (grammar) This requires a language model Statistical learning theory Natural language processing slide 4 Sound of a Keystroke [Zhuang, Zhou, Tygar] Each keystroke is represented as a vector of Cepstrum features Fourier transform of the decibel spectrum Standard technique from speech processing slide 5 Bi-Grams of Characters [Zhuang, Zhou, Tygar]

Group keystrokes into N clusters Find the best mapping from cluster labels to characters Unsupervised learning: exploit the fact that some 2-character combinations are more common Example: th vs. tj Hidden Markov Models (HMMs) t 5 h 11 e 2 slide 6 Add Spelling and Grammar [Zhuang, Zhou, Tygar]

Spelling correction Simple statistical model of English grammar Tri-grams of words Use HMMs again to model slide 7 Recovered Text [Zhuang, Zhou, Tygar] Before spelling and grammar correction After spelling and grammar correction _____ = errors in recovery

= errors corrected by grammar slide 8 Feedback-based Training [Zhuang, Zhou, Tygar] Recovered characters + language correction provide feedback for more rounds of training Output: keystroke classifier Language-independent Can be used to recognize random sequence of keys For example, passwords Representation of keystroke classifier Neural networks, linear classification, Gaussian mixtures slide 9 Overview Initial

trainin g wave signal (recorded sound) Subsequen t recognition [Zhuang, Zhou, Tygar] wave signal Feature Extraction Feature Extraction Unsupervised Learning Keystroke Classifier Language Model Correction

Language Model Correction (optional) Sample Collector Classifier Builder keystroke classifier recovered keystrokes slide 10 Experiment: Single Keyboard [Zhuang, Zhou, Tygar] Logitech Elite Duo wireless keyboard 4 data sets recorded in two settings: quiet and noisy Consecutive keystrokes are clearly separable Automatically extract keystroke

positions in the signal with some manual error correction slide 11 Results for a Single Keyboard [Zhuang, Zhou, Tygar] Datasets Recording length Number of words Number of keys Set 1 ~12 min ~400 ~2500 Set 2

~27 min ~1000 ~5500 Set 3 ~22 min ~800 ~4200 Set 4 ~24 min ~700 ~4300 Initial and final recognition rate Set 1 (%)

Set 2 (%) Set 3 (%) Set 4 (%) Word Char Word Char Word Char Word Char Initial

35 76 39 80 32 73 23 68 Final 90 96 89

96 83 95 80 92 slide 12 Experiment: Multiple Keyboards [Zhuang, Zhou, Tygar] Keyboard 1: Dell QuietKey PS/2 In use for about 6 months Keyboard 2: Dell QuietKey PS/2 In use for more than 5 years Keyboard 3: Dell Wireless Keyboard New

slide 13 Results for Multiple Keyboards [Zhuang, Zhou, Tygar] 12-minute recording with app. 2300 characters Keyboard 1 (%) Keyboard 2 (%) Keyboard 3 (%) Word Char Word Char Word Char

Initial 31 72 20 62 23 64 Final 82 93 82 94

75 90 slide 14 Defenses Physical security Two-factor authentication Masking noise Keyboards with uniform sound (?) slide 15

Recently Viewed Presentations

  • Principles of Marketing Global Edition Kotler and Armstrong

    Principles of Marketing Global Edition Kotler and Armstrong

    In this chapter, we examine two more IMC elements: personal selling and sales promotion. Personal selling is the interpersonal arm of marketing communications, in which the sales force interacts with customers and prospects to build relationships and make sales.
  • Unit 2: Cells

    Unit 2: Cells

    Their theory accepted the first two tenets of modern cell theory. In 1855, Rudolf Virchow concluded that all cells come from pre-existing cells. Since 1855 when Virchow introduced the ideas, the cell theory has been supported by thousands of experiments...
  • What are graphic scores?

    What are graphic scores?

    What are graphic scores? Graphic scores A graphic score is a way in which a composer can compose a piece without using common music notation.
  • Broadband-Hamnet formerly HSMM-Mesh - summitares.org

    Broadband-Hamnet formerly HSMM-Mesh - summitares.org

    Broadband Hamnet - What is it? Broadband-Hamnet™ is a high speed, self discovering, fault tolerant, self configuring ham network/wireless computer network that can run for days from a fully charged car battery, or indefinitely with the addition of a modest...
  • Unlocking Higher Cranberry Yields with Boron: A Key Element ...

    Unlocking Higher Cranberry Yields with Boron: A Key Element ...

    Indigenous to the Temperate Zone (native only to North America).. Acidic pH (4.0 to 5.5). Full sun (generally the more sun, the better). Optimum growth occurs from 60°F to 80°F.. Cool temperatures when fruit are maturing (as temperature goes down,...
  • ORF PowerPoint Design Template

    ORF PowerPoint Design Template

    FCI = total cost of existing repairs current replacement value Facility Condition Index (FCI) Is an industry standard parametric tool used to relatively compare building conditions. Facility Condition Index (FCI) Understanding and Using FCI 0% 2% 4% 6% 10% Excellent...
  • HTML and JavaScript - Juniata College

    HTML and JavaScript - Juniata College

    A higher number fills out more. Try a few different settings. Sometimes bigger is better. HTML Tags from HTML Goodies Ordered Alphabetically NN: indicates the earliest version of Netscape that supports the tag IE: indicates the earliest version of Internet...
  • On symmetric encryption and Point Obfuscation

    On symmetric encryption and Point Obfuscation

    Relation to Symmetric Encryption. Define: Enc. k (m) = Obf (f. k,m) Dec. k (c) = c(k) Is it a good symmetric encryption scheme? Good: ciphertext c only as useful as oracle f k,m (¢).Good even if k only has...