0x1a great papers in computer security
DESCRIPTION
CS 380S. 0x1A Great Papers in Computer Security. Vitaly Shmatikov. http://www.cs.utexas.edu/~shmat/courses/cs380s/. L. Zhuang, F. Zhou, D. Tygar Keyboard Acoustic Emanations Revisited (CCS 2005). Acoustic Information in Typing . Different keystrokes make different sounds - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: 0x1A Great Papers in Computer Security](https://reader035.vdocument.in/reader035/viewer/2022062501/56815df3550346895dcc2761/html5/thumbnails/1.jpg)
0x1A Great Papers inComputer Security
Vitaly Shmatikov
CS 380S
http://www.cs.utexas.edu/~shmat/courses/cs380s/
![Page 2: 0x1A Great Papers in Computer Security](https://reader035.vdocument.in/reader035/viewer/2022062501/56815df3550346895dcc2761/html5/thumbnails/2.jpg)
L. Zhuang, F. Zhou, D. Tygar
Keyboard Acoustic Emanations Revisited
(CCS 2005)
![Page 3: 0x1A Great Papers in Computer Security](https://reader035.vdocument.in/reader035/viewer/2022062501/56815df3550346895dcc2761/html5/thumbnails/3.jpg)
Acoustic Information in Typing Different keystrokes make different sounds
• Different locations on the supporting plate• Each key is slightly different
Frequency information in the sound of the typed key can be used to learn which key it is• Observed by Asonov and Agrawal (2004)
slide 3
![Page 4: 0x1A Great Papers in Computer Security](https://reader035.vdocument.in/reader035/viewer/2022062501/56815df3550346895dcc2761/html5/thumbnails/4.jpg)
“Key” Observation Build acoustic model for keyboard and typist Exploit the fact that typed text is non-
random (for example, English)• Limited number of words• Limited letter sequences (spelling)• Limited word sequences (grammar)
This requires a language model• Statistical learning theory• Natural language processing
slide 4
![Page 5: 0x1A Great Papers in Computer Security](https://reader035.vdocument.in/reader035/viewer/2022062501/56815df3550346895dcc2761/html5/thumbnails/5.jpg)
Sound of a Keystroke
Each keystroke is represented as a vector of Cepstrum features• Fourier transform of the decibel spectrum• Standard technique from speech processing
slide 5
[Zhuang, Zhou, Tygar]
![Page 6: 0x1A Great Papers in Computer Security](https://reader035.vdocument.in/reader035/viewer/2022062501/56815df3550346895dcc2761/html5/thumbnails/6.jpg)
Bi-Grams of Characters Group keystrokes into N clusters Find the best mapping from cluster labels to
characters Unsupervised learning: exploit the fact that some
2-character combinations are more common• Example: “th” vs. “tj”• Hidden Markov Models (HMMs)
slide 6
5 11 2
“t”
“h”
“e”
[Zhuang, Zhou, Tygar]
![Page 7: 0x1A Great Papers in Computer Security](https://reader035.vdocument.in/reader035/viewer/2022062501/56815df3550346895dcc2761/html5/thumbnails/7.jpg)
Add Spelling and Grammar Spelling correction Simple statistical model of English
grammar• Tri-grams of words
Use HMMs again to model
slide 7
[Zhuang, Zhou, Tygar]
![Page 8: 0x1A Great Papers in Computer Security](https://reader035.vdocument.in/reader035/viewer/2022062501/56815df3550346895dcc2761/html5/thumbnails/8.jpg)
Recovered Text
_____ = errors in recovery
= errors corrected by grammar
slide 8
Before spelling and
grammar correction
After spelling and
grammar correction
[Zhuang, Zhou, Tygar]
![Page 9: 0x1A Great Papers in Computer Security](https://reader035.vdocument.in/reader035/viewer/2022062501/56815df3550346895dcc2761/html5/thumbnails/9.jpg)
Feedback-based Training Recovered characters + language correction
provide feedback for more rounds of training
Output: keystroke classifier• Language-independent• Can be used to recognize random sequence of
keys– For example, passwords
• Representation of keystroke classifier– Neural networks, linear classification, Gaussian
mixtures
slide 9
[Zhuang, Zhou, Tygar]
![Page 10: 0x1A Great Papers in Computer Security](https://reader035.vdocument.in/reader035/viewer/2022062501/56815df3550346895dcc2761/html5/thumbnails/10.jpg)
OverviewInitial training
Unsupervised Learning
Language Model Correction
Sample Collector
Classifier Builder
keystroke classifierrecovered keystrokes
Feature Extraction
wave signal(recorded sound)
Subsequent
recognition
Feature Extraction
wave signal
Keystroke Classifier
Language Model Correction(optional)
recovered keystrokes
[Zhuang, Zhou, Tygar]
slide 10
![Page 11: 0x1A Great Papers in Computer Security](https://reader035.vdocument.in/reader035/viewer/2022062501/56815df3550346895dcc2761/html5/thumbnails/11.jpg)
Experiment: Single Keyboard Logitech Elite Duo wireless keyboard 4 data sets recorded in two settings: quiet and noisy
• Consecutive keystrokes are clearly separable
Automatically extract keystroke positions in the signal with some manual error correction
[Zhuang, Zhou, Tygar]
slide 11
![Page 12: 0x1A Great Papers in Computer Security](https://reader035.vdocument.in/reader035/viewer/2022062501/56815df3550346895dcc2761/html5/thumbnails/12.jpg)
Results for a Single Keyboard
slide 12
Recording length Number of words Number of keys
Set 1 ~12 min ~400 ~2500
Set 2 ~27 min ~1000 ~5500
Set 3 ~22 min ~800 ~4200
Set 4 ~24 min ~700 ~4300
Set 1 (%) Set 2 (%) Set 3 (%) Set 4 (%)
Word Char Word Char Word Char Word Char
Initial 35 76 39 80 32 73 23 68
Final 90 96 89 96 83 95 80 92
[Zhuang, Zhou, Tygar]
Datasets
Initial and final recognition rate
![Page 13: 0x1A Great Papers in Computer Security](https://reader035.vdocument.in/reader035/viewer/2022062501/56815df3550346895dcc2761/html5/thumbnails/13.jpg)
Experiment: Multiple Keyboards Keyboard 1: Dell QuietKey PS/2
• In use for about 6 months
Keyboard 2: Dell QuietKey PS/2• In use for more than 5 years
Keyboard 3: Dell Wireless Keyboard• New
slide 13
[Zhuang, Zhou, Tygar]
![Page 14: 0x1A Great Papers in Computer Security](https://reader035.vdocument.in/reader035/viewer/2022062501/56815df3550346895dcc2761/html5/thumbnails/14.jpg)
Results for Multiple Keyboards 12-minute recording with app. 2300
charactersKeyboard 1 (%) Keyboard 2 (%) Keyboard 3 (%)
Word Char Word Char Word Char
Initial 31 72 20 62 23 64
Final 82 93 82 94 75 90
[Zhuang, Zhou, Tygar]
slide 14
![Page 15: 0x1A Great Papers in Computer Security](https://reader035.vdocument.in/reader035/viewer/2022062501/56815df3550346895dcc2761/html5/thumbnails/15.jpg)
Defenses Physical security Two-factor authentication Masking noise Keyboards with uniform sound (?)
slide 15