Annual Computer Security Applications Conference (ACSAC) 2012

Full Program »

Practicality of Accelerometer Side-Channel on Smartphones

Paper
View File
pdf
1,002KB

Adam J. Aviv
University of Pennsylvania
United States

Benjamin Sapp
University of Pennsylvania
United States

Matt Blaze
University of Pennsylvania
United States

Jonathan M. Smith
University of Pennsylvania
United States

Abstract:
Modern smartphones are equipped with a plethora of sensors that
enable wide ranges of interactions, but some of these sensors can be
employed as a side channel to surreptitiously learn about user
input. In this paper, we show that the accelerometer sensor can
{\em also} be employed as a high-bandwidth side channel;
particularly, we demonstrate how to use the accelerometer sensor to
learn user tap- and gesture-based input as required to unlock
smartphones using a PIN/password or Android's graphical password
pattern. Using accelerometer data collected from a large and
diverse group of 24 users in controlled (while sitting) and
uncontrolled (while walking) settings, we develop novel machine
learning features for accelerometer readings that are sample rate
independent and based on signal processing and polynomial fitting
techniques; the first time such techniques are applied in this
domain. In our experiments, in controlled settings, our prediction
model can on average classify the PIN entered 43\% of the time and
pattern 73\% of the time within 5 attempts when selecting from a
test set of 50 PINs and 50 patterns. In uncontrolled settings, while
users are walking, our model can still classify 20\% of the PINs and
40\% of the patterns within 5 attempts. We additionally demonstrate
that there is consistency across users and devices, and it is
possible to construct a dictionary of accelerometer readings;
however, such dictionaries are greatly affected by movement-noise
and cross-user training. Further, we apply hidden Markov models to
predict variable length input, as might be necessary if an attacker
had insufficient samples to train from. Finally, we propose
architectural changes to the smartphone security models that can
mitigate these side-channels without significantly impacting
legitimate uses of on-board sensor.

 

Powered by OpenConf®
Copyright ©2002-2012 Zakon Group LLC