Research On Side Channel Attack And Defense Technology For Keystrokes

Recent years,more and more information security researchers have been attracted by side channel attack,because of its undetectable characteristics.Among all the researches,side channel security for keystroke is one of the most popular one and a variety of side channel attack schemes for keystroke emerge quickly these years.However,most attacks only concentrate on the precision of content identification but ignore the actual application scenarios.For attackers,they are usually hard to install eavesdropping equipment on multi directions,know the locations of keyboards in advance or even get the keystroke data from users for model training.As a result these attacks are not as dangerous as expected.In order to explore side channel attacks which are dangerous in realistic scenarios,this thesis proposes a side channel attack scheme using audio emanation for content identification.It has wider application scenarios as it can be implemented by only one mobile phone,and it dose not need to collect prior knowledge of the user.Firstly,the attack locates the time point of key press and release,and then this thesis proposes a constraint generation method based on TDOA(Time Difference of Arrival)algorithm.Secondly this thesis further deals with the constraints through the correlation analysis of the audio and adds the constraint “NONE” to the constraint list,which is verified can significantly improve the stability of recognition results under different constraint combinations.Next this thesis uses the processed dictionary to recover the keystroke content.In the word list with an average number of 4000 words,we find a success rate of45.2% of the words in the top50 candidate identified by the attack,and 46.3% of words with length more than 10 in the top25 candidate.Finally,this thesis evaluates the experiment result in different words and summarizes three crucial factors in the success of this attack.In addition,as side channel attack schemes for keystroke are constantly updated,the security protection research also needs to keep up with the times.In order to effectively defend side channel attacks using audio emanation,this thesis analyzes the attack scenarios and summarizes the main ideas for side channel information protection.And then,we propose a side channel protect method based on noise injection from the perspective of influencing keystroke point location by playing the actual keystroke audio when using keyboard.It is experimentally verified that the method can effectively defend against audio-based side channel attacks.