Anindya Maiti

(Smart)watch your taps: side-channel keystroke inference attacks using smartwatches

In this paper, we investigate the feasibility of keystroke inference attacks on handheld numeric touchpads by using smartwatch motion sensors as a side-channel. The proposed attack approach employs supervised learning techniques to accurately map the uniqueness in the captured wrist movements to each individual keystroke. Experimental evaluation shows that keystroke inference using smartwatch motion sensors is not only fairly accurate, but also better than similar attacks previously demonstrated using smartphone motion sensors.

Smartwatch-Based Keystroke Inference Attacks and Context-Aware Protection Mechanisms

Wearable devices, such as smartwatches, are furnished with state-of-the-art sensors that enable a range of context-aware applications. However, malicious applications can misuse these sensors, if access is left unaudited. In this paper, we demonstrate how applications that have access to motion or inertial sensor data on a modern smartwatch can recover text typed on an external QWERTY keyboard. Due to the distinct nature of the perceptible motion sensor data, earlier research efforts on emanation based keystroke inference attacks are not readily applicable in this scenario. The proposed novel attack framework characterizes wrist movements (captured by the inertial sensors of the smartwatch worn on the wrist) observed during typing, based on the relative physical position of keys and the direction of transition between pairs of keys. Eavesdropped keystroke characteristics are then matched to candidate words in a dictionary. Multiple evaluations show that our keystroke inference framework has an alarmingly high classification accuracy and word recovery rate. With the information recovered from the wrist movements perceptible by a smartwatch, we exemplify the risks associated with unaudited access to seemingly innocuous sensors (e.g., accelerometers and gyroscopes) of wearable devices. As part of our efforts towards preventing such side-channel attacks, we also develop and evaluate a novel context-aware protection framework which can be used to automatically disable (or downgrade) access to motion sensors, whenever typing activity is detected.

Towards Inferring Mechanical Lock Combinations using Wrist-Wearables as a Side-Channel

Wrist-wearables such as smartwatches and fitness bands are equipped with a variety of high-precision sensors that support novel contextual and activity-based applications. The presence of a diverse set of on-board sensors, however, also expose an additional attack surface which, if not adequately protected, could be potentially exploited to leak private user information. In this paper, we investigate the feasibility of a new attack that takes advantage of a wrist-wearables motion sensors to infer input on mechanical devices typically used to secure physical access, for example, combination locks. We outline an inference framework that attempts to infer a locks unlock combination from the wrist motion captured by a smartwatchs gyroscope sensor, and uses a probabilistic model to produce a ranked list of likely unlock combinations. We conduct a thorough empirical evaluation of the proposed framework by employing unlocking-related motion data collected from human subject participants in a variety of controlled and realistic settings. Evaluation results from these experiments demonstrate that motion data from wrist-wearables can be effectively employed as a side-channel to significantly reduce the unlock combination search-space of commonly found combination locks, thus compromising the physical security provided by these locks.

Seer Grid: Privacy and Utility Implications of Two-Level Load Prediction in Smart Grids

We propose “Seer Grid”, a novel two-level energy consumption prediction framework for smart grids, aimed to decrease the trade-off between privacy requirements (of the customer) and data utility requirements (of the energy company (EC)). The first-level prediction at the household level is performed by each smart meter (SM), and the predicted energy consumption pattern (instead of the actual energy usage data) is reported to a cluster head (CH). Then, a second-level prediction at the neighborhood level is done by the CH which predicts the energy spikes in the neighborhood or cluster and shares it with the EC. Our two-level prediction mechanism is designed such that it preserves the correlation between the predicted and actual energy consumption patterns at the cluster level and removes this correlation in the predicted data communicated by each SM to the CH. This maintains the usefulness of the cluster-level energy consumption data communicated to the EC, while preserving the privacy of the household-level energy consumption data against the CH (and thus the EC). Our evaluation results show that Seer Grid is successful in hiding private consumption patterns at the household-level while still being able to accurately predict energy consumption at the neighborhood-level.

Keystroke inference using ambient light sensor on wrist-wearables: a feasibility study

Many modern wrist-wearables, such as smartwatches and fitness trackers, are equipped with ambient light sensors that are able to capture the surrounding light levels. While an ambient light sensor is intended to make applications environment-aware, malicious applications can potentially misuse it to infer private information pertaining the wearer. Moreover, such an attack vector is hard to mitigate because the ambient light sensor is a part of the zero-permission sensor suite on most wearable platforms, i.e., any on-device application can access these sensors without requiring explicit user-level permissions. In this paper, we study the feasibility of how a malicious smartwatch application can leverage on ambient light sensor data to infer sensitive information about the wearer, specifically keystrokes typed by the wearer on an ATM keypad. While there are multiple previous works that target motion sensor data on wrist-wearables to infer keystrokes, we study the feasibility of how a similar attack can be conducted using an ambient light sensor. The characteristic differences between motion and light data, and how they are impacted during the keystroke activity, implies that existing inference frameworks that rely on motion data cannot be directly employed in this case. As a result, we design a new ambient light based keystroke inference framework which models the varying intensities of light on and around an ATM keypad to infer keystrokes. Our evaluation results indicate that an inference attack on keystrokes is moderately feasible, even with a coarse-grained ambient light sensor found on many low-cost wrist-wearables.

CUDA-assisted energy-efficient primality test

It has been known that the primes are infinite in number but the exact sequence of primes is not predictable. Prime numbers and computers have been linked since the 1950s. Computer security authorities use extremely large prime numbers when they devise cryptographs, like RSA (short for Rivest, Shamir, and Adleman) algorithm, for protecting vital information that is transmitted between computers. There are many primality testing algorithms including mathematical models and computer programs. However, they are very time and energy consuming when the given number n is very large. In this paper, we propose a Compute Unified Device Architecture (CUDA)-accelerated deterministic algorithm to determine whether an input number is prime or composite much faster to save energy. We develop and implement the proposed algorithm using a system with an 8-core CPU and a 448-core GPU. Experimental results indicate that up to 45x speedup and 88% energy saving can be achieved for 20-digit decimal numbers.

Social Puzzles: Context-Based Access Control in Online Social Networks

The increasing popularity of online social networks (OSNs) is spawning new security and privacy concerns. Currently, a majority of OSNs offer very naive access control mechanisms that are primarily based on static access control lists (ACL) or policies. But as the number of social connections grow, static ACL based approaches become ineffective and unappealing to OSN users. There is an increased need in social-networking and data-sharing applications to control access to data based on the associated context (e.g., event, location, and users involved), rather than solely on data ownership and social connections. Surveillance is another critical concern for OSN users, as the service provider may further scrutinize data posted or shared by users for personal gains (e.g., targeted advertisements), for use by corporate partners or to comply with legal orders. In this paper, we introduce a novel paradigm of context-based access control in OSNs, where users are able to access the shared data only if they have knowledge of the context associated with it. We propose two constructions for context-based access control in OSNs: the first is based on a novel application of Shamirs secret sharing scheme, whereas the second makes use of an attribute-based encryption scheme. For both constructions, we analyze their security properties, implement proof-of-concept applications for Facebook and empirically evaluate their functionality and performance. Our empirical measurements show that the proposed constructions execute efficiently on standard computing hardware, as well as, on portable mobile devices.