S i d e C h a n n e l s John Vinnie Monaco / U.S. Army - - PowerPoint PPT Presentation

▶

May 27, 2023 202 likes •335 views

SoK: Keylogging S i d e C h a n n e l s John Vinnie Monaco / U.S. Army Research Laboratory Whats in a keystroke? User Keyboard Host Network + Hand moton + Matrix scan + USB polling + Transmission + Key travel + Debouncing +

SLIDE 1

SoK: Keylogging

John “Vinnie” Monaco / U.S. Army Research Laboratory

S i d e C h a n n e l s

SLIDE 2

What’s in a keystroke?

+ Hand moton + Key travel User Keyboard Host Network + Matrix scan + Debouncing + Encoding + USB polling + Process scheduling + Transmission + Routng

SLIDE 3

Keylogging metrics

Detection
Establish the presence/absence of a keystroke
Precision/recall, ROC analysis
Identification
Determine which keyboard key was pressed
Information gain, classification accuracy

SLIDE 4

Early attacks

1984 Project GUNMAN 1943 TEMPEST

SLIDE 5

Can you find all the side channels?

SLIDE 6

Attack taxonomy

Target/ Modality Proximity Typing speed Training Channel type

Close Far Acoustc Electromagnetc CPU Cache Spatal Temporal None Between-subject Within-subject Fast Slow

Atuack

SLIDE 7

Spatial side channels

First order

Key locatoon

Second order

Key dintaocen

SLIDE 8

Temporal side channels

Inter-key distance Key-press latency User A User B

SLIDE 9

The “side channel menagerie”

Resilient

Info gain (bits)

Vulnerable

A phenomenon reminiscent of the biometric menagerie

SLIDE 10

Homogeneity as an indicator for side channel attack severity

Very similar High risk Somewhat similar Medium risk

SLIDE 11

Linking two fields

Biometrics Side channels

Identity/action information

Heterogeneity

Homogeneity

“Langlands program”

SLIDE 12

Summary/prediction

75 years of keylogging side channels
Behavior heterogeneity vs homogeneity
Temporal attacks will improve

Contact: www.vmonaco.com