TY - GEN
T1 - I Know What You Type
T2 - 2018 IEEE Global Communications Conference, GLOBECOM 2018
AU - Song, Rui
AU - Song, Yubo
AU - Gao, Shang
AU - Xiao, Bin
AU - Hu, Aiqun
PY - 2018/12
Y1 - 2018/12
N2 - Smartphone sensors have been applied to record the movement of users for healthy use. However, the motion sensor readings recorded by malicious applications can be utilized as a side-channel to leak user privacy by keystroke inference. Most existing approaches use time-domain statistical characteristics for keystroke inference. Their systems are poor to show the subtle changes in short time period, since the time- domain statistical features can only reflect the characteristics in a long-time interval. In this paper, we propose a novel framework to perform keystroke inference on smartphones. This framework introduces an improved MFCC algorithm to extract frequency- domain features for more comprehensive use of raw data. Since the frequency-domain energy distribution of motion signals is concentrated, and the specificity of signals is strong, MFCC can improve the inference accuracies under complex scenarios. Based on this framework, we present a prototype called FreqKey, which is an inference system to leak user privacy such as PINs and passwords. FreqKey collects motion sensor readings during keystroke events and constructs classification models with machine learning algorithms. Experimental results show that FreqKey improves the performance in a variety of complex scenarios. Especially, even in web platform whose sampling rate is lower than 80Hz, FreqKey can achieve relatively high accuracy of 74.6%. To mitigate the frequency-based side-channel attack and protect user privacy, we propose a defense solution which contains sensor- activity monitoring, malicious program identification and interference signal injection.
AB - Smartphone sensors have been applied to record the movement of users for healthy use. However, the motion sensor readings recorded by malicious applications can be utilized as a side-channel to leak user privacy by keystroke inference. Most existing approaches use time-domain statistical characteristics for keystroke inference. Their systems are poor to show the subtle changes in short time period, since the time- domain statistical features can only reflect the characteristics in a long-time interval. In this paper, we propose a novel framework to perform keystroke inference on smartphones. This framework introduces an improved MFCC algorithm to extract frequency- domain features for more comprehensive use of raw data. Since the frequency-domain energy distribution of motion signals is concentrated, and the specificity of signals is strong, MFCC can improve the inference accuracies under complex scenarios. Based on this framework, we present a prototype called FreqKey, which is an inference system to leak user privacy such as PINs and passwords. FreqKey collects motion sensor readings during keystroke events and constructs classification models with machine learning algorithms. Experimental results show that FreqKey improves the performance in a variety of complex scenarios. Especially, even in web platform whose sampling rate is lower than 80Hz, FreqKey can achieve relatively high accuracy of 74.6%. To mitigate the frequency-based side-channel attack and protect user privacy, we propose a defense solution which contains sensor- activity monitoring, malicious program identification and interference signal injection.
UR - http://www.scopus.com/inward/record.url?scp=85063479459&partnerID=8YFLogxK
U2 - 10.1109/GLOCOM.2018.8647385
DO - 10.1109/GLOCOM.2018.8647385
M3 - Conference article published in proceeding or book
AN - SCOPUS:85063479459
T3 - 2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings
BT - 2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 9 December 2018 through 13 December 2018
ER -