us 17 Lain Skype & Type Keystroke Leakage Over VoIP

2020-03-01 57浏览

  • 1.Daniele Lain University of Padua Prof. Mauro Conti - Univ. of Padua Prof. Gene Tsudik - UC Irvine Dr. Alberto Compagno - Sapienza Univ. of Rome SKYPE & TYPE Keystroke Leakage over VoIP
  • 2.Meet our monkey.
  • 3.Meet our monkey. Our monkey is a scoundrel.
  • 4.Meet our monkey. Our monkey is a scoundrel. Monkey likes secrets, but is very bad at crypto. (just like me) ?
  • 5.But monkeys have very good hearing (unlike me) And keyboard keys have unique sounds So let’s listen!
  • 6.Keyboard Acoustic Eavesdropping correct horse battery staple Supervised Learning (Asonov, 2004; Halevi, 2012; 2014) - Less input assumptions Unsupervised Learning (Berger, 2006; Zhuang, 2009) - More general
  • 7.Keyboard Acoustic Eavesdropping correct horse battery staple Supervised Learning (Asonov, 2004; Halevi, 2012; 2014) - Less input assumptions Unsupervised Learning (Berger, 2006; Zhuang, 2009) - More general
  • 8.Spying Devices and How to Plant Them LET’S HACK
  • 9.Spying Devices and How to Plant Them
  • 10.Spying Devices and How to Plant Them
  • 11.Spying Devices and How to Plant Them
  • 12.Spying Devices and How to Plant Them
  • 13.Spying Devices and How to Plant Them
  • 14.Spying Devices and How to Plant Them
  • 15.Spying Devices and How to Plant Them
  • 16.Spying Devices and How to Plant Them
  • 17.
  • 18.TO LISTEN TO KEYBOARD CLACKING
  • 19.First Takeaway If I get physical access I will do worse than plant a bug to listen to your keyboard
  • 20.Let’s go remote! A day in life of my professors
  • 21.- Confcalls are (sometimes) long and boring - This motivates multi-tasking - Work still needs to be done - So we type stuff
  • 22.Will it work? - Not obvious - VoIP transforms & downgrades audio - MDCT, LPC → sound is almost reconstructed, rather than just encoded - Investigate whether key fingerprints remain
  • 23.Attack model Victim EXTRACT KEYPRESS & FEATURES types secret TRAIN MODELS PREDICT
  • 24.Practical HOWTO SEGMENTATION w/THRESHOLDS MACHINE LEARNING MEL FREQUENCY CEPSTRAL COEFFICIENTS DICTIONARY or BRUTEFORCE or GUESSES
  • 25.Does it work? Yes. 5 volunteers - 3 laptops - typing letters
  • 26.Does it really work? vs Forbes, 1984 & the BibleCredits:https://www.forbes.com/sites/thomasbrewster/2017/07/06/skype-and-type-attack-steals-passwords
  • 27.Grab The Code - Open Sourcetool:github.com/SPRITZ-Research-Group/Skype-Type - Different blocks for audio input, segmentation, learning, and output - Customizable and extensible
  • 28.DEMO! ...What could possibly go wrong?
  • 29.Black Hat Sound Bytes 1. New and surprising extension to the old side-channel, larger attack surface 2.VoIP:an effective and practical means of eavesdropping on keyboard input 3. Don’t Skype & Type :-)
  • 30.Thanks! Daniele Lain daniele.lain3@gmail.com SPRITZ Group University of Padua, IT Daniele Lain Prof. Mauro Conti Dr. Alberto Compagno SPROUT UC Irvine, USA Prof. Gene Tsudik