Revealing Your Mobile Password via WiFi Signals: Attacks and Countermeasures
IEEE Transactions on Mobile Computing (IF 7.7), Pub Date: 2020-02-01, DOI: 10.1109/tmc.2019.2893338
Yan Meng, Jinlei Li, Haojin Zhu, Xiaohui Liang, Yao Liu, Na Ruan

In this study, we present WindTalker, a novel and practical keystroke inference framework that can be used to infer sensitive keystrokes on a mobile device through WiFi-based side-channel information. WindTalker is motivated by the observation that keystrokes on mobile devices lead to different hand coverage and finger motions, which introduce a unique interference to the multi-path signals and can be reflected by the channel state information (CSI). An attacker can exploit the strong correlation between the CSI fluctuation and the keystrokes to infer the user's password input. Compared with previous keystroke inference approaches, WindTalker neither deploys external equipment physically close to the target device nor compromises the target device. Instead, it employs a more practical setting: it deploys a free public WiFi hotspot and collects CSI data from the target device as long as the device is connected to the hotspot. In addition, to improve inference accuracy and efficiency, it analyzes the WiFi traffic to selectively collect CSI only for the sensitive period in which password entry occurs. WindTalker can be implemented without needing to see the target device or to install any malware on it. We tested WindTalker on several mobile phones and performed a detailed case study to evaluate the practicality of password inference against Alipay, the largest mobile payment platform in the world. Furthermore, we propose a novel CSI obfuscation countermeasure to thwart the inference attack. The evaluation results show that the performance of WindTalker can be dramatically reduced by adopting the proposed countermeasures.

Updated: 2020-02-01