AcuTherm: A Hybrid Attack on Password Entry Based on Both Acoustic and Thermal Side-Channels

Presented at Black Hat Asia 2019, March 29, 2019, 3:30 p.m. (30 minutes)

Despite predictions of their demise and calls for their deprecation, passwords remain the most popular form of user authentication. Traditional password vulnerabilities stem from their storage and/or low entropy. However, in light of increasing insider threats, attacks on password entry have become quite realistic. Although obvious attacks, such as shoulder-surfing, can be addressed, subtler side-channel-based attacks are much harder to mitigate.

A recent class of opportunistic password attacks (called Thermanator) is based on the thermal side-channel, targeting password entry on commodity plastic keyboards. A successful attack requires the victim to step away from the keyboard relatively soon after password entry, allowing the attacker to snap a photo of the keyboard using an inexpensive thermal camera. Results show that a full set of password key-presses can be recovered up to 30 seconds after entry, and a large subset thereof can be recovered up to a minute later. Nonetheless, Thermanator attacks do not yield the ordering of key-presses or expose repeated keys. This limits attack practicality, due to the potentially large password search space.

(Un)fortunately, there are multiple side-channels during password entry. In particular, the acoustic side-channel (i.e., keyboard acoustic emanations) has been studied extensively and is fairly effective. However, it usually requires a lengthy victim-specific learning/training phase. In this talk, we introduce a new class of hybrid AcuTherm attacks that combine the respective powers (and advantages) of thermal and acoustic side-channels. To the best of our knowledge, AcuTherm is the first hybrid side-channel attack to be systematically investigated. Our experiments included over 20 subjects using 3 common keyboards and many representative passwords. Results clearly show that AcuTherm substantially improves the accuracy of combined side-channels in determining key ordering and duplicate pressed keys. This significantly reduces the password search space *without* requiring acoustic models of the victim's typing.

Presenters:

  • Pier Paolo Tricomi - Master's Student in Computer Science, University of Padua
    Pier Paolo is a Master's Student in Computer Science at the University of Padova, Italy. His research interests include Security and Privacy, and he was recently a visiting researcher at UC Irvine.
  • Tyler Kaczmarek - PhD Student in Computer Science, University of California Irvine
    Tyler is a fifth-year Ph.D. student at the University of California, Irvine working in applied cryptography under Gene Tsudik. His current research deals with Usable Security, particularly the prevalence of user errors in the presence of adversarial noise across multiple sensory inputs. He is also developing a technique for passive deauthentication based on biometric data. In the long term, he is interested in the development and evaluation of usable security protocols for Internet of Things (IoT) devices. In the past he has worked on the development and deployment of an accessible, coercion-resistant voting machine.
  • Gene Tsudik - Chancellor's Professor of Computer Science, University of California Irvine
    Gene Tsudik is a Chancellor's Professor of Computer Science at the University of California, Irvine (UCI). He obtained his PhD in Computer Science from USC in 1991. Before coming to UCI in 2000, he was at IBM Zurich Research Laboratory (1991-1996) and USC/ISI (1996-2000). His research interests include many topics in security, privacy and applied cryptography. Gene Tsudik is a Fulbright Scholar, Fulbright Specialist (twice), a fellow of ACM, a fellow of IEEE, a fellow of AAAS, and a foreign member of Academia Europaea. From 2009 to 2015 he served as Editor-in-Chief of ACM Transactions on Information and Systems Security (TISSEC, renamed to TOPS in 2016). Gene was the recipient of the 2017 ACM SIGSAC Outstanding Contribution Award. He is also the author of the first crypto-poem published as a refereed paper. He suffers from two incurable academic diseases: "Research ADHD" and "Munchausen-without-Proxy".
  • Ercan Ozturk - PhD Student in Computer Science, University of California Irvine
    Ercan is a third-year PhD Student in Computer Science at the University of California, and his research interests include Applied Cryptography, Computer & Network Security and Privacy. He previously interned at Yahoo (2017), Comodo (2015) and NUI Galway (2014) and worked in Data Mining (2015) and Big Data (2016) labs at TOBB ETU and PEL (2014) at NUI Galway. He is currently interning at Google (2018).
