SoK: Keylogging Side Channels
John “Vinnie” Monaco / U.S. Army Research Laboratory
What’s in a keystroke?
• User: hand motion, key travel
• Keyboard: matrix scan, debouncing, encoding
• Host: USB polling, process scheduling
• Network: transmission, routing
Keylogging metrics
• Detection
  • Establish the presence/absence of a keystroke
  • Precision/recall, ROC analysis
• Identification
  • Determine which keyboard key was pressed
  • Information gain, classification accuracy
Early attacks
• 1943: TEMPEST
• 1984: Project GUNMAN
Can you find all the side channels?
Attack taxonomy
• Channel type: spatial, temporal
• Modality: acoustic, electromagnetic, CPU cache
• Target/training: within-subject, between-subject, none
• Attack proximity: close, far
• Typing speed: fast, slow
Spatial side channels
• First order: key location
• Second order: key distance
Temporal side channels
[Figure: key-press latency and inter-key distance, User A and User B]
The “side channel menagerie”
A phenomenon reminiscent of the biometric menagerie.
[Figure: info gain (bits), ranging from vulnerable to resilient]
Homogeneity as an indicator for side channel attack severity
• Very similar: high risk
• Somewhat similar: medium risk
Linking two fields
[Figure labels: Biometrics; Side channels; “Langlands program”; Homogeneity; Heterogeneity; Identity/action information]
Summary/prediction
• 75 years of keylogging side channels
• Behavior heterogeneity vs homogeneity
• Temporal attacks will improve
Contact: www.vmonaco.com