To date, there has been no systematic investigation of thermal profiles of keyboards, and thus no efforts have been made to secure them. This serves as our main motivation for constructing a means for password harvesting from keyboard thermal emanations. Specifically, we introduce Thermanator: a new post-factum insider attack based on heat transfer caused by a user typing a password on a typical external (plastic) keyboard. We conduct and describe a user study that collected thermal residues from 30 users entering 10 unique passwords (both weak and strong) on 4 popular commodity keyboards. Results show that entire sets of key-presses can be recovered by non-expert users as late as 30 seconds after initial password entry, while partial sets can be recovered as late as 1 minute after entry. However, the thermal residue side-channel lacks information about password length, duplicate key-presses, and key-press ordering. To overcome these limitations, we leverage keyboard acoustic emanations and combine the two to yield AcuTherm, the first hybrid side-channel attack on keyboards. AcuTherm significantly reduces password search without the need for any training on the victim's typing. We report results gathered for many representative passwords based on a user study involving 19 subjects. The takeaway of this work is three-fold: (1) using plastic keyboards to enter secrets (such as passwords and PINs) is even less secure than previously recognized, (2) post-factum thermal imaging attacks are realistic, and (3) hybrid (multiple side-channel) attacks are both realistic and effective.
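The search reduction described above can be made concrete with a counting sketch, added here as an illustration and not taken from the paper or its tooling. It assumes the thermal image yields only the set of `k` distinct keys pressed, that the acoustic channel contributes only the total number of key-presses `n`, and that a blind guesser faces 95 printable ASCII symbols; `max_len` is a hypothetical upper bound on password length used when `n` is unknown.

```python
from math import comb, log2

def orderings_exact(k: int, n: int) -> int:
    """Count strings of length n that use each of k known keys at least once.

    Inclusion-exclusion over the keys left unused (surjections from the
    n positions onto the k keys). Returns 0 when n < k.
    """
    return sum((-1) ** j * comb(k, j) * (k - j) ** n for j in range(k + 1))

def candidates_thermal_only(k: int, max_len: int) -> int:
    """Thermal residue alone: key set known, length unknown up to max_len."""
    return sum(orderings_exact(k, n) for n in range(k, max_len + 1))

def bits(count: int) -> float:
    """Residual guessing entropy in bits for a uniform candidate set."""
    return log2(count) if count > 0 else 0.0

def summarize(k: int, n: int, max_len: int, alphabet: int = 95) -> dict:
    """Compare what remains secret under each leakage scenario."""
    blind = alphabet ** n                       # no side channel, length n
    thermal = candidates_thermal_only(k, max_len)
    hybrid = orderings_exact(k, n)              # key set plus exact length
    return {
        "blind": blind, "blind_bits": bits(blind),
        "thermal": thermal, "thermal_bits": bits(thermal),
        "hybrid": hybrid, "hybrid_bits": bits(hybrid),
    }

if __name__ == "__main__":
    # Constructed scenario: 8-character password with 6 distinct keys,
    # defender policy caps passwords at 16 characters.
    result = summarize(k=6, n=8, max_len=16)
    for name in ("blind", "thermal", "hybrid"):
        print(f"{name:8s} {result[name]:>22d} candidates "
              f"({result[name + '_bits']:.1f} bits)")
```

The gap between the `blind` and `hybrid` rows is the entropy a password loses once both the key set and the key-press count have leaked, which is the figure to weigh when deciding how long a keyboard may sit unattended after a secret is typed.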