Keyboard Acoustic Emanations Attack : An Empirical study

Sammanfattning: The sounds produced from the keystrokes when a user types on the keyboard are called keyboard acoustic emanations. These sounds can be recorded with a microphone and stored as a file on the computer. Different techniques can be used to retrieve each keystroke. In this way sensitive information, such as passwords used to unlock the system or enter various protected cyber spaces can be collected and misused. This study investigates the seriousness of the keyboard acoustic emanations attack and possible threats from this type of eavesdropping. The aim of the research is to show this type of attack can be performed using simple equipment and easy to use signal processing techniques and to suggest protective measures against the threat from the attack. We use empirical methodology and perform experiments under different scenarios. Unlike the previous research, the experiments are performed in a moderately noisy environment. Our attack includes two phases, training and recognition phase. The structure of the attack is created considering views of previous research and having in mind the aim of the study. Six scenarios are created based on how the characteristics of the waveforms are presented and what types of techniques are used at the recognition phase. A separate procedure for identifying which scenario produces the highest recognition rate is designed. The results show that the waveform of the acoustic signal in presence of noise has similar shape as in silent environment and that an attacker can easily perform our experiment with keyboard acoustic emanations attack. We achieved 60% recognition rate that can be considered as satisfactory. The experiment is compared with similar ones from the previous research. Easy computation, analysis and simplicity are the advantages of our approach. At the end of the thesis we suggest preventive measures for mitigating the attack.