Show simple item record

dc.contributor.authorSimon, Laurenten
dc.contributor.authorXu, Wenduanen
dc.contributor.authorAnderson, Rossen
dc.date.accessioned2016-03-10T09:33:50Z
dc.date.available2016-03-10T09:33:50Z
dc.identifier.citationSimon et al. Proceedings on Privacy Enhancing Technologies (2016)en
dc.identifier.issn2299-0984
dc.identifier.urihttps://www.repository.cam.ac.uk/handle/1810/254306
dc.description.abstractWe present a new side-channel attack against soft keyboards that support gesture typing on Android smartphones. An application without any special permissions can observe the number and timing of the screen hardware interrupts and system-wide software interrupts generated during user input, and analyze this information to make inferences about the text being entered by the user. System-wide information is usually considered less sensitive than app-specific information, but we provide concrete evidence that this may be mistaken. Our attack applies to all Android versions, including Android M where the SELinux policy is tightened. We present a novel application of a recurrent neural network as our classifier to infer text. We evaluate our attack against the “Google Keyboard” on Nexus 5 phones and use a real-world chat corpus in all our experiments. Our evaluation considers two scenarios. First, we demonstrate that we can correctly detect a set of pre-defined “sentences of interest” (with at least 6 words) with 70% recall and 60% precision. Second, we identify the authors of a set of anonymous messages posted on a messaging board. We find that even if the messages contain the same number of words, we correctly re-identify the author more than 97% of the time for a set of up to 35 sentences. Our study demonstrates a new way in which system-wide resources can be a threat to user privacy. We investigate the effect of rate limiting as a countermeasure but find that determining a proper rate is error-prone and fails in subtle cases. We conclude that real-time interrupt information should be made inaccessible, perhaps via a tighter SELinux policy in the next Android version.
dc.language.isoenen
dc.rightsAttribution-NonCommercial-NoDerivatives 4.0 International*
dc.rights.urihttps://creativecommons.org/licenses/by-nc-nd/4.0/*
dc.titleDon’t Interrupt Me While I Type: Inferring Text Entered Through Gesture Typing on Android Keyboardsen
dc.typeArticle
prism.issueIdentifier3en
prism.publicationNameProceedings on Privacy Enhancing Technologiesen
prism.volume2016en
dcterms.dateAccepted2016-03-01en
rioxxterms.versionofrecord10.1515/popets-2016-0020en
rioxxterms.licenseref.urihttp://www.rioxx.net/licenses/all-rights-reserveden
rioxxterms.licenseref.startdate2016-03-01en
dc.contributor.orcidAnderson, Ross [0000-0001-8697-5682]
dc.identifier.eissn2299-0984
rioxxterms.typeJournal Article/Reviewen
cam.issuedOnline2016-05-06en


Files in this item

Thumbnail
Thumbnail

This item appears in the following Collection(s)

Show simple item record

Attribution-NonCommercial-NoDerivatives 4.0 International
Except where otherwise noted, this item's licence is described as Attribution-NonCommercial-NoDerivatives 4.0 International