TU Darmstadt / ULB / TUbiblio

My(o) Armband Leaks Passwords: An EMG and IMU Based Keylogging Side-Channel Attack

Gazzari, Matthias ; Mattmann, Annemarie ; Maass, Max ; Hollick, Matthias (2022)
My(o) Armband Leaks Passwords: An EMG and IMU Based Keylogging Side-Channel Attack.
In: Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies, 2021, 5 (4)
doi: 10.26083/tuprints-00020660
Article, Secondary publication, Postprint

Warning: There is a more recent version of this item available.

Abstract

Wearables that constantly collect various sensor data of their users increase the chances for inferences of unintentional and sensitive information such as passwords typed on a physical keyboard. We take a thorough look at the potential of using electromyographic (EMG) data, a sensor modality which is new to the market but has lately gained attention in the context of wearables for augmented reality (AR), for a keylogging side-channel attack. Our approach is based on neural networks for a between-subject attack in a realistic scenario using the Myo Armband to collect the sensor data. In our approach, the EMG data has proven to be the most prominent source of information compared to the accelerometer and gyroscope, increasing the keystroke detection performance. For our end-to-end approach on raw data, we report a mean balanced accuracy of about 76 % for the keystroke detection and a mean top-3 key accuracy of about 32 % on 52 classes for the key identification on passwords of varying strengths. We have created an extensive dataset including more than 310 000 keystrokes recorded from 37 volunteers, which is available as open access along with the source code used to create the given results.

Item Type: Article
Published: 2022
Creators: Gazzari, Matthias ; Mattmann, Annemarie ; Maass, Max ; Hollick, Matthias
Type of entry: Secondary publication
Title: My(o) Armband Leaks Passwords: An EMG and IMU Based Keylogging Side-Channel Attack
Language: English
Date: 2022
Year of primary publication: 2021
Publisher: ACM
Journal or Publication Title: Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies
Volume of the journal: 5
Issue Number: 4
Collation: 24 pages
DOI: 10.26083/tuprints-00020660
URL / URN: https://tuprints.ulb.tu-darmstadt.de/20660
Origin: Secondary publication service

Status: Postprint
URN: urn:nbn:de:tuda-tuprints-206608
Additional Information:

Keywords: Keylogging, Keystroke Inference, Side-channel Attacks, Privacy, Electromyography, EMG, Wearables, Deep Learning, Time Series Classification

Classification DDC: 000 Generalities, computers, information > 004 Computer science
Divisions: 20 Department of Computer Science
20 Department of Computer Science > Sichere Mobile Netze
DFG Research Training Groups
DFG Research Training Groups > Research Training Group 2050 Privacy and Trust for Mobile Users
LOEWE
LOEWE > LOEWE Centres
LOEWE > LOEWE Centres > CRISP - Center for Research in Security and Privacy
Central Facilities
Central Facilities > University IT-Service and Computing Centre (HRZ)
Central Facilities > University IT-Service and Computing Centre (HRZ) > High-Performance Computer
Date Deposited: 18 Feb 2022 13:06
Last Modified: 21 Feb 2022 11:21