mole motion leaks through smartwatch sensors
play

MoLe: Motion Leaks through Smartwatch Sensors Yi Mao, Ruoxi Li - PowerPoint PPT Presentation

Aug 07, 2023 •349 likes •687 views

MoLe: Motion Leaks through Smartwatch Sensors Yi Mao, Ruoxi Li Introduction Question: can we mine accelerometer and gyroscope data from smart watches to infer what words a user is typing? Introduction - Challenges Absence of data from the

  1. MoLe: Motion Leaks through Smartwatch Sensors Yi Mao, Ruoxi Li

  2. Introduction Question: can we mine accelerometer and gyroscope data from smart watches to infer what words a user is typing?

  3. Introduction - Challenges ● Absence of data from the right hand (which is not wearing the watch) ● Issue of inferring which finger executed the key-press ● For a given watch position, a shortlist of keys could have been pressed ● Different users’ habits and keyboard devices

  4. Introduction - Opportunities ● the watch motion is mostly confined to the 2D keyboard plane ● The orientation of the watch is relatively uniform across various users ● knowing spelling priors from English dictionary further helps in developing Bayesian decisions.

  5. Introduction - Work Motion Leaks (MoLe) ● Device: Samsung Gear Live smartwatch ● Input: ○ 2 authors (attacker) - each typed 500 words for training ○ 8 volunteers (attackee) - each typed 300 words for testing ● Output: K words (ranked in decreasing probability) short-list for each word

  6. Introduction - Contributions ● Identifying the possibility of leakage - required building blocks ○ key-press detection ○ hand-motion tracking ○ cross-user data matching ○ Bayesian inference ● Developing the system on Samsung Gear Live ○ experimenting with real users ○ reasonable accuracy ○ Sense of alarm

  7. A first look at smart watch data

  8. A first look at smart watch data

  9. A first look at smart watch data

  10. System Overview

  11. System Overview

  12. System Overview - Assumptions ● The evaluation is performed in a controlled environment where volunteers type one word at a time (as opposed to free-flowing sentences). ● We assume valid English words – passwords that contain interspersed digits, or non-English character-sequences, are not decodable as of now. ● We have used the same Samsung smart watch model for both the attacker and the user – in reality the attacker can generate the CPC for different watch models and use the appropriate one based on the user’s model. ● We assume the user is seasoned in typing in that he/she roughly uses the appropriate fingers – novice typists who do not abide by basic typing rules may not be subject to our proposed attacks.

  13. Keystroke Detector - Keypress timing ● Intuition - key presses is rooted in the hand’s motion in the vertical direction ○ Peak motion in Z axis of the watch ● False positive - peaks caused by hand movement during transition ● False negative - subtle motion for typing keys like “asdf”

  14. Keystroke Detector - Keypress timing ● Simple peak detection + bagged decision trees ○ low threshold for peak detection ○ features for distinguishing keystrokes among peaks: the width, height, prominence of the Z axis peak; the mean, variance, max, min, skewness, kurtosis for each of the 3-axis displacement, velocity, acceleration, gyroscope rotation; the magnitude of acceleration/gyroscope; the correlation of each pair between acceleration, gyroscope vectors

  15. Keystroke Detector - Keypress timing

  16. Keystroke Detector - Keypress Location Estimation ● Mole requires high accuracy, but native Android API is inadequate

  17. Keystroke Detector - Keypress Location Estimation ● Find gravity to define an absolute coordinate system. ○ gravity’s direction can be determined before typing ○ absolute horizontal plane is orthogonal to gravity ○ convert watch’s x-axis to absolute x-axis by projection, y-axis is then computed from cross product of x-axis and z-axis (gravity) ● Estimate and remove gravity. ○ Use gyroscope to estimate variation in gravity g(t) ○ arg(t) = a(t) - g(t) (in watch’s coordinate system)

  18. Keystroke Detector - Keypress Location Estimation ● Estimate C(t) and calculate projected acceleration. ○ integrate arg(t) directly doesn’t make sense, as watch rotates overtime ○ project arg(t) to absolute coordinate system, then double integrate ● Calibrate by mean removal (speed and displacement). ○ errors accumulate when double integration ○ when watch stops, v(T) = 0 and s(T) = 0 ● Kalman smoothing. ○ gravity estimation is not reliable, i.e. has an error g’ e (t) ○ think arg’(t) (measured) = g’ e (t) + noise (true arg(t)) ○ Compute g’ e (t) with Kalman smoothing ○ arg(t) = arg’(t) - g’ e (t)

  19. Keystroke Detector - Keypress Location Estimation

  20. Point Cloud Fitting ● relative motions (relative locations of the point clouds) between keys should bear similarity across all users. ● the fitting parameters for up and down hand displacements can be different, therefore, 2 convex hulls for positive and negative displacement respectively

  21. Bayesian Inference ● W is a candidate word from the dictionary and O is the observation motion data ● P ( W | O ) is the posterior probability of the word given the observed motion data ● P ( O | W ) is the likelihood function that estimates the probability of the word W based on the observed motion data ● P ( W ) is the prior probability which captures the word’s occurrence frequency ● P ( O ) is the probability of the observation

  22. Bayesian Inference - Number of Keystrokes ● N is the number of keystroke ● (α1,...,α N ) represents one possible N -element subset of {1, 2, ..., L } (L is the word length) ● P (( c α1 ,..., c α N ) | W ) is the probability that N keystrokes are generated by c α1 , ..., c α N .

  23. Bayesian Inference - Watch Displacement p ( di | c α i ) is probability density of di given character c α i .

  24. Bayesian Inference - Character Transitions

  25. Bayesian Inference - Keystroke Interval t h a n k s (characters Stroke by left hand)

  26. Performance - How good is MoLe ? The median rank of a word is 24 While for 30 percentile, the rank is 5.

  27. Performance - How good is MoLe ? With perfect keystroke detection data, rank drops sharply

  28. Performance - What affects the rank

  29. Performance - Impact of each Bayesian opportunity

  30. Performance - Impact of sampling rate

  31. Conclusion - Contribution / Impact ● Identifying the possibility of leakage - required building blocks ○ key-press detection ○ hand-motion tracking ○ cross-user data matching ○ Bayesian inference ● Developing the system on Samsung Gear Live ○ experimenting with real users ○ reasonable accuracy ○ Sense of alarm

  32. Conclusion - Limitation / future work ● Keyboard variant ● Confined to separate words ● inability to infer nonvalid English words, e.g. passwords ● Applying NLP/ human observation ● Typing activity classifier

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

TwistIn: Tangible Authentication of Smart Devices via Motion Co-analysis with a Smartwatch Ho Ho

TwistIn: Tangible Authentication of Smart Devices via Motion Co-analysis with a Smartwatch Ho Ho

TwistIn: Tangible Authentication of Smart Devices via Motion Co-analysis with a Smartwatch Ho Ho Man Col Colman Leu Leung, Chi Wing Fu, Pheng Ann Heng The Chinese University of Hong Kong, Hong Kong Shenzhen Key Laboratory of Virtual Reality

910 views • 15 slides
a POSITION AND MOTION SENSORS I Linear Position: Linear Variable Differential Transformers (LVDT)

a POSITION AND MOTION SENSORS I Linear Position: Linear Variable Differential Transformers (LVDT)

PRACTICAL DESIGN TECHNIQUES FOR SENSOR SIGNAL CONDITIONING 1 Introduction 2 Bridge Circuits 3 Amplifiers for Signal Conditioning 4 Strain, Force, Pressure, and Flow Measurements 5 High Impedance Sensors I 6 Position and Motion Sensors 7

362 views • 24 slides
The Mole, and Percent Composition by Mass 1. A mole is a certain

The Mole, and Percent Composition by Mass 1. A mole is a certain

The Mole, and Percent Composition by Mass 1. A mole is a certain ______________________________________________ You could have a mole of ________________________________________________________ 2. A mole is ________________ of something. Which

529 views • 13 slides
IC OFF THE RECORD: Direct access to leaked information related to the surveillance activities of

IC OFF THE RECORD: Direct access to leaked information related to the surveillance activities of

NSA PRISM Slides - IC OFF THE RECORD 11.06.18 14:18 2013 LEAKS 2014 LEAKS 2015 LEAKS 2016 LEAKS 2017 LEAKS 2018 LEAKS IC OFF THE RECORD: Direct access to leaked information related to the

480 views • 18 slides
a HIGH IMPEDANCE SENSORS I Photodiode Preamplifiers I Piezoelectric Sensors N Accelerometers N

a HIGH IMPEDANCE SENSORS I Photodiode Preamplifiers I Piezoelectric Sensors N Accelerometers N

PRACTICAL DESIGN TECHNIQUES FOR SENSOR SIGNAL CONDITIONING 1 Introduction 2 Bridge Circuits 3 Amplifiers for Signal Conditioning 4 Strain, Force, Pressure, and Flow Measurements I 5 High Impedance Sensors 6 Position and Motion Sensors 7

773 views • 43 slides
Pebble INTRODUCTION AND HANDS-ON Introduction to the Pebble smartwatch. Installation of the SDK

Pebble INTRODUCTION AND HANDS-ON Introduction to the Pebble smartwatch. Installation of the SDK

Pebble INTRODUCTION AND HANDS-ON Introduction to the Pebble smartwatch. Installation of the SDK and base operations with Python. Im the Pebble A smartwatch http://getpebble.com Project funded on Kickstarter, initially on May,

443 views • 18 slides
CS371m - Mobile Computing Sensing and Sensors Sensors "I should have paid more attention

CS371m - Mobile Computing Sensing and Sensors Sensors "I should have paid more attention

CS371m - Mobile Computing Sensing and Sensors Sensors "I should have paid more attention in Physics 41" Most devices have built in sensors to measure and monitor motion orientation (aka position of device)

821 views • 65 slides
CS378 - Mobile Computing Sensing and Sensors Sensors "I should have paid more attention

CS378 - Mobile Computing Sensing and Sensors Sensors "I should have paid more attention

CS378 - Mobile Computing Sensing and Sensors Sensors "I should have paid more attention in Physics 51" Most devices have built in sensors to measure and monitor motion orientation (aka position) environmental

605 views • 26 slides
Slide 1 / 29 Slide 2 / 29 The Mole Unit 3 - Presentation A Recall that 1 mole is defined as

Slide 1 / 29 Slide 2 / 29 The Mole Unit 3 - Presentation A Recall that 1 mole is defined as

Slide 1 / 29 Slide 2 / 29 The Mole Unit 3 - Presentation A Recall that 1 mole is defined as 6.022 x 10 23 units of a given substance. The Mole, Empirical, and Molecular Formulas 1 mol of electrons = 6.022 x 10 23 electrons 1 mol of H 2 O

307 views • 7 slides
a RESISTANCE OF POPULAR SENSORS 120 , 350 , 3500 I Strain Gages 350

a RESISTANCE OF POPULAR SENSORS 120 , 350 , 3500 I Strain Gages 350

PRACTICAL DESIGN TECHNIQUES FOR SENSOR SIGNAL CONDITIONING 1 Introduction I 2 Bridge Circuits 3 Amplifiers for Signal Conditioning 4 Strain, Force, Pressure, and Flow Measurements 5 High Impedance Sensors 6 Position and Motion Sensors 7

221 views • 21 slides
a APPLICATIONS OF TEMPERATURE SENSORS I Monitoring N Portable Equipment N CPU Temperature N

a APPLICATIONS OF TEMPERATURE SENSORS I Monitoring N Portable Equipment N CPU Temperature N

PRACTICAL DESIGN TECHNIQUES FOR SENSOR SIGNAL CONDITIONING 1 Introduction 2 Bridge Circuits 3 Amplifiers for Signal Conditioning 4 Strain, Force, Pressure, and Flow Measurements 5 High Impedance Sensors 6 Position and Motion Sensors I 7

674 views • 43 slides
Hydatidiform Mole Hydatidiform Mole An abnormal placenta with Charles Zaloudek, MD variable

Hydatidiform Mole Hydatidiform Mole An abnormal placenta with Charles Zaloudek, MD variable

5/22/2014 Contemporary Diagnosis of Hydatidiform Mole Hydatidiform Mole An abnormal placenta with Charles Zaloudek, MD variable degrees of trophoblastic Nancy Joseph, MD, PhD hyperplasia and villous hydrops. Department of Pathology WHO,

298 views • 19 slides
a SENSOR OVERVIEW I Sensors: Convert a Signal or Stimulus (Representing a Physical Property)

a SENSOR OVERVIEW I Sensors: Convert a Signal or Stimulus (Representing a Physical Property)

PRACTICAL DESIGN TECHNIQUES FOR SENSOR SIGNAL CONDITIONING I 1 Introduction 2 Bridge Circuits 3 Amplifiers for Signal Conditioning 4 Strain, Force, Pressure, and Flow Measurements 5 High Impedance Sensors 6 Position and Motion Sensors 7

356 views • 7 slides
Our Product Range Color Sensors Luminescence Sensors Contrast Sensors Opacity

Our Product Range Color Sensors Luminescence Sensors Contrast Sensors Opacity

EMX Industries Inc . Application Driven Sensors Our Product Range Color Sensors Luminescence Sensors Contrast Sensors Opacity Sensors Brightness Sensors Special Sensors Bluetooth Switch The Facts Fastest Speed

309 views • 10 slides
Et Tu Alexa? When Commodity WiFi Devices Turn into Adversarial Motion Sensors Yanzi Zhu * ,

Et Tu Alexa? When Commodity WiFi Devices Turn into Adversarial Motion Sensors Yanzi Zhu * ,

Et Tu Alexa? When Commodity WiFi Devices Turn into Adversarial Motion Sensors Yanzi Zhu * , Zhujun Xiao , Yuxin Chen, Zhijing Li * , Max Liu, Ben Y. Zhao, Heather Zheng University of Chicago, *UC Santa Barbara 1 Smart Devices are Everywhere

380 views • 19 slides
Artificial motion data for navigation sensors of a submarine running in periscope depth below wave

Artificial motion data for navigation sensors of a submarine running in periscope depth below wave

Artificial motion data for navigation sensors of a submarine running in periscope depth below wave surface 2018.06.28. Hyeon Kyu Yoon, Young-Ho Park, Juwon Seo (CWNU) Youngbum Park, Chanju Park (ADD) Artificial motion data of submarine in wave

863 views • 21 slides
1 CH 4 + H 2 O 3H 2 + CO If you have 32 g CH 4 and 32 g H 2 O, which is limiting? Two types of

1 CH 4 + H 2 O 3H 2 + CO If you have 32 g CH 4 and 32 g H 2 O, which is limiting? Two types of

Unbalanced equation sample + Reactant A Reactant B Product C Balanced equation = A + B C 2 sample 3 x C Excess Are any reactants leftover ? 1 x B reactant How many molecules of product can be formed Which reactant

524 views • 3 slides
Chemistry 120 Fall 2016 Instructor: Dr. Upali Siriwardane e-mail: upali@latech.edu Office: CTH

Chemistry 120 Fall 2016 Instructor: Dr. Upali Siriwardane e-mail: upali@latech.edu Office: CTH

Chemistry 120 Fall 2016 Instructor: Dr. Upali Siriwardane e-mail: upali@latech.edu Office: CTH 311 Phone 257-4941 Office Hours: M,W,F 9:30-11:30 am T,R 8:00-10:00 am or by appointment; Test Dates : September 23 , 2016 (Test 1): Chapter

667 views • 37 slides
Fractional Replication of The 2 k Design Experiments with many factors involve a large number of

Fractional Replication of The 2 k Design Experiments with many factors involve a large number of

ST 435/535 Statistical Methods for Quality and Productivity Improvement / Statistical Process Control Fractional Replication of The 2 k Design Experiments with many factors involve a large number of possible treatments, even when all factors are

534 views • 17 slides
Studies of EMCal block densities & dimensions Anabel Hernandez, Caroline Riedl, Tim Rinn, Anne

Studies of EMCal block densities & dimensions Anabel Hernandez, Caroline Riedl, Tim Rinn, Anne

Studies of EMCal block densities & dimensions Anabel Hernandez, Caroline Riedl, Tim Rinn, Anne Sickles, Eric Thorsland, Xiaoning Wang, and Adam Wehe (UIUC) May 8, 2019 - August 2018 drop in density - Correlations? - Block

307 views • 10 slides
Physics 115 General Physics II Session 9 Molecular motion and temperature Phase equilibrium,

Physics 115 General Physics II Session 9 Molecular motion and temperature Phase equilibrium,

Physics 115 General Physics II Session 9 Molecular motion and temperature Phase equilibrium, evaporation R. J. Wilkes Email: phy115a@u.washington.edu Home page: http://courses.washington.edu/phy115a/ 4/14/14 Physics 115 1 Lecture

195 views • 15 slides
The presenters have no conflicts of interest to disclose Gestational Trophoblastic Disease

The presenters have no conflicts of interest to disclose Gestational Trophoblastic Disease

4/25/2014 Contemporary Diagnosis of Hydatidiform Mole Charles Zaloudek, MD Nancy Joseph, MD, PhD Department of Pathology University of California San Francisco The presenters have no conflicts of interest to disclose Gestational

497 views • 25 slides
Unit1Day5-VandenBout Tuesday, September 10, 2013 3:15 PM Vanden Bout/LaBrake/Crawford CH301

Unit1Day5-VandenBout Tuesday, September 10, 2013 3:15 PM Vanden Bout/LaBrake/Crawford CH301

Unit1Day5-VandenBout Tuesday, September 10, 2013 3:15 PM Vanden Bout/LaBrake/Crawford CH301 LIMITS OF THE LAW MIXTURES Day 5 CH301 Vanden Bout/LaBrake Fall 2013 Important Information LM 10 & 11 POSTED DUE Tue 9AM HW 3 POSTED

692 views • 16 slides
Chemical Thermodynamics Examples Consider a simple gas phase equilibrium N 2 O 4 2 NO 2

Chemical Thermodynamics Examples Consider a simple gas phase equilibrium N 2 O 4 2 NO 2

Chemical Thermodynamics Examples Consider a simple gas phase equilibrium N 2 O 4 2 NO 2 What is K p at equilibrium assuming that the gases are ideal and T = 298K? Chemical Thermodynamics CEM 484 2 Examples Consider a simple gas

263 views • 7 slides

More recommend