Abstract
Attackers seek various covert channels to access users' private information on mobile devices. Recent research has demonstrated that built-in motion sensors can be exploited to monitor users' screen taps and infer what they have typed. This paper presents several practical and convenient countermeasures against this attack at the level of the soft keyboard. We find that the attack is sensitive to motion noise of the mobile device and to layout variation of the soft keyboard. We thus present two kinds of countermeasures: introducing vibration noise into sensor readings, and introducing dynamics into the keyboard layout. We implement these countermeasures on the Android platform and recruit 20 volunteers to evaluate their effectiveness and usability on both smartphones and tablets. The results show that the proposed countermeasures can effectively reduce attackers' keystroke inference accuracy without significantly hurting typing efficiency.
This work was supported in part by the Jiangsu Province Double Innovation Talent Program and in part by the National Natural Science Foundation of China under Grant NSFC-61300235, Grant NSFC-61321491, Grant NSFC-61402223, and Grant NSFC-61425024.
© 2017 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Du, S., Gao, Y., Hua, J., Zhong, S. (2017). Secure Keyboards Against Motion Based Keystroke Inference Attack. In: Deng, R., Weng, J., Ren, K., Yegneswaran, V. (eds) Security and Privacy in Communication Networks. SecureComm 2016. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 198. Springer, Cham. https://doi.org/10.1007/978-3-319-59608-2_4
DOI: https://doi.org/10.1007/978-3-319-59608-2_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-59607-5
Online ISBN: 978-3-319-59608-2
eBook Packages: Computer Science, Computer Science (R0)