I Know What You Type: Leaking User Privacy via Novel Frequency-Based Side-Channel Attacks

Rui Song, Yubo Song, Shang Gao, Bin Xiao, Aiqun Hu

Research output: Chapter in book / Conference proceedingConference article published in proceeding or bookAcademic researchpeer-review

1 Citation (Scopus)

Abstract

Smartphone sensors have been applied to record the movement of users for healthy use. However, the motion sensor readings recorded by malicious applications can be utilized as a side-channel to leak user privacy by keystroke inference. Most existing approaches use time-domain statistical characteristics for keystroke inference. Their systems are poor to show the subtle changes in short time period, since the time- domain statistical features can only reflect the characteristics in a long-time interval. In this paper, we propose a novel framework to perform keystroke inference on smartphones. This framework introduces an improved MFCC algorithm to extract frequency- domain features for more comprehensive use of raw data. Since the frequency-domain energy distribution of motion signals is concentrated, and the specificity of signals is strong, MFCC can improve the inference accuracies under complex scenarios. Based on this framework, we present a prototype called FreqKey, which is an inference system to leak user privacy such as PINs and passwords. FreqKey collects motion sensor readings during keystroke events and constructs classification models with machine learning algorithms. Experimental results show that FreqKey improves the performance in a variety of complex scenarios. Especially, even in web platform whose sampling rate is lower than 80Hz, FreqKey can achieve relatively high accuracy of 74.6%. To mitigate the frequency-based side-channel attack and protect user privacy, we propose a defense solution which contains sensor- activity monitoring, malicious program identification and interference signal injection.

Original languageEnglish
Title of host publication2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781538647271
DOIs
Publication statusPublished - Dec 2018
Event2018 IEEE Global Communications Conference, GLOBECOM 2018 - Abu Dhabi, United Arab Emirates
Duration: 9 Dec 201813 Dec 2018

Publication series

Name2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings

Conference

Conference2018 IEEE Global Communications Conference, GLOBECOM 2018
CountryUnited Arab Emirates
CityAbu Dhabi
Period9/12/1813/12/18

ASJC Scopus subject areas

  • Information Systems and Management
  • Renewable Energy, Sustainability and the Environment
  • Safety, Risk, Reliability and Quality
  • Signal Processing
  • Modelling and Simulation
  • Instrumentation
  • Computer Networks and Communications

Cite this