Don’t Interrupt Me While I Type: Inferring Text Entered Through Gesture Typing on Android Keyboards

Simon, Laurent; Xu, Wenduan; Anderson, Ross

doi:10.1515/popets-2016-0020

Cited by 28 publications

(16 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Researchers in [23] evaluate the use of screen interrupts (context-switches) that occur within the Android OS during gesture typing. They find that pauses in typing gestures can be identified via the interrupt frequency.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

A novel word-independent gesture-typing continuous authentication scheme for mobile devices

Smith-Creasey

Rajarajan

2019

Computers & Security

View full text Add to dashboard Cite

In this study we produce a new continuous authentication scheme for gesture-typing on mobile devices. Our scheme is the first scheme that authenticates gesture-typing interactions in a word-agnostic format. The scheme relies on groupings of features extracted from the word gesture after it has been reduced to parts common to all gestures. We show that movement sensors are also important in differentiating between users. We describe the feature extraction processes and analyse our proposed feature set. The unique process of our authentication scheme is presented and described. We collect our own gesture typing dataset including data collected during sitting, standing and walking activities for realism. We test our features against state-of-the-art touch-screen interaction features and compare feature extraction times on real mobile devices. Our scheme authenticates users with an equal error rate of 3.58% for a single word-gesture. The equal error rate is reduced to 0.81% when 3 word-gestures are used to authenticate.

show abstract

Section: Related Workmentioning

confidence: 99%

“…: by requiring the scheme to be trained on a word before it can be authenticated [5]. In [23] the authors investigate gesture-typing but focus on word identification rather than providing an authentication scheme.…”

Section: Introductionmentioning

confidence: 99%

A novel word-independent gesture-typing continuous authentication scheme for mobile devices

Smith-Creasey

Rajarajan

2019

Computers & Security

View full text Add to dashboard Cite

show abstract

“…Likewise, with the rapid advancements in mobile technology, researchers have been able to demonstrate even more sophisticated SCAs compromising smartphones (Spreitzer et al, 2016;Song et al, 2016;Sarwar et al, 2013;Owusu et al, 2012;Lange et al, 2011). For instance, new attacks (Simon et al, 2016;Aviv et al, 2012;Xu et al, 2012;Cai and Chen, 2011) enable adversaries to deduce keyboard input on touchscreens through "sensor readings from native apps" (Spreitzer et al, 2016;Kambourakis et al, 2016;Aviv et al, 2012). Because typing on various places on the screen creates different vibrations, data from Motion (Cai and Chen, 2011), a SCA on touch screen smartphones with soft keyboards data, can be employed by an attacker to deduce the keys being typed.…”

Section: Background and Related Workmentioning

confidence: 99%

Countermeasures for timing-based side-channel attacks against shared, modern computing hardware

Montasari

Hill

Hosseinian-Far

et al. 2019

IJESDF

View full text Add to dashboard Cite

There are several vulnerabilities in computing systems hardware that can be exploited by attackers to carry out devastating Microarchitectural Timing-Based Side-Channel Attacks against these systems and as a result compromise the security of the users of such systems. By exploiting Microarchitectural resources, adversaries can potentially launch different variants of Timing Attacks, for instance, to leak sensitive information through timing. In view of these security threats against computing hardware, in a recent study, titled "Are Timing-Based Side-Channel Attacks Feasible in Shared, Modern Computing Hardware?", currently undergoing the review process, we presented and analysed several such attacks. This extended study proceeds to build upon our recent study in question. To this end, we analyse the existing countermeasures against Timing Attacks and propose new strategies in dealing with such attacks.

show abstract

“…These timings show characteristic patterns of the user, which depend on several factors such as keystroke sequences on the level of single letters, bigrams, syllables or words as well as keyboard layout and typing experience [37]. Existing attacks train probabilistic classifiers like hidden Markov models or neural networks to infer known words or to reduce the password-guessing complexity [42,43,53].…”

Section: Keystroke Timing Attacksmentioning

confidence: 99%

KeyDrown: Eliminating Software-Based Keystroke Timing Side-Channel Attacks

Schwarz¹,

Lipp²,

Gruss³

et al. 2018

Proceedings 2018 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Besides cryptographic secrets, side-channel attacks also leak sensitive user input. The most accurate attacks exploit cache timings or interrupt information to monitor keystroke timings and subsequently infer typed words and sentences. Previously proposed countermeasures fail to prevent keystroke timing attacks as they do not protect keystroke processing among the entire software stack.We close this gap with KeyDrown, a new defense mechanism against keystroke timing attacks. KeyDrown injects a large number of fake keystrokes in the kernel to prevent interrupt-based attacks and Prime+Probe attacks on the kernel. All keystrokes, including fake keystrokes, are carefully propagated through the shared library in order to hide any cache activity and thus to prevent Flush+Reload attacks. Finally, we provide additional protection against Prime+ Probe for password input in user space programs. We show that attackers cannot distinguish fake keystrokes from real keystrokes anymore and we evaluate KeyDrown on a commodity notebook as well as on two Android smartphones. We show that KeyDrown eliminates any advantage an attacker can gain from using interrupt or cache side-channel information. CCS CONCEPTS• Security and privacy → Side-channel analysis and countermeasures; Systems security; Operating systems security; ACM Reference format: pages. https://doi.org/XX.XXX/XXX_X INTRODUCTIONModern computer systems leak sensitive user information through side channels. Among software-based side channels, information can leak, for example, from the system or from microarchitectural components such as the CPU cache [12] or the DRAM [36]. Historically, side-channel attacks have exploited these information leaks to infer cryptographic secrets [4,25,34,51], whereas more recent attacks even target keystroke timings and sensitive user input directly [15,33,36]. -print, arXiv, 2017 M. Schwarz et al. Pre

show abstract

Don’t Interrupt Me While I Type: Inferring Text Entered Through Gesture Typing on Android Keyboards

Cited by 28 publications

References 31 publications

A novel word-independent gesture-typing continuous authentication scheme for mobile devices

A novel word-independent gesture-typing continuous authentication scheme for mobile devices

Countermeasures for timing-based side-channel attacks against shared, modern computing hardware

KeyDrown: Eliminating Software-Based Keystroke Timing Side-Channel Attacks

Contact Info

Product

Resources

About