Friday, July 28, 2017

WiFi and Keystroke Recognition

Updated July 2018

With the 2017 WikiLeaks revelations about the CIA and its involvement in our computers and online activities, research by Kamran Ali, Alex Liu, Wei Wang and Muhammad Shahzad from Michigan State University in the United States and Nanjing University in China gives us cause to question what little remains of our privacy even further.  

As we are all aware, there is one factor in our lives that has become pervasive, the presence of WiFi signals.  These signals are present in our homes, our workplaces and in many public areas, offering us unprecedented and often "free" access to the internet.  Many of us who access WiFi, particularly in public areas, are at least somewhat concerned about the privacy of our communications, however, we rarely give thought to the idea that someone could actually be detecting every keystroke that we make.  The research by the aforementioned authors of the paper entitled "Keystroke Recognition Using WiFi Signals" have shown that this very issue should be of concern to all of us.

It's obvious that keystroke privacy is important.  Without keystroke privacy, outsiders will be able to access our most private information including passwords and other sensitive data.  In the past, research has studied the effectiveness of keystroke recognition using three main methods:

1.) acoustic-based emission approaches where each key on a keyboard produces a different sound. or the fact that acoustic emanations from different keys arrive at different surrounding smartphones at different times.

2.) electromagnetic emission-based approaches where the electromagnetic emanations from the electrical circuit underneath different keys in a keyboard are different.

3.) vision-based approaches where keystrokes are recognized using video technologies. 

For the first time, the authors of the study noted that WiFi signals can be used to recognize keystrokes, a single -based keystroke recognition system that they call "WiKey".

WiKey consists of two commercial, off-the-shelf WIFi devices, a sender (router) and a receiver (laptop).  The sender continuously emits signals and the receive continuously receives signals.  When a user types on the keyboard on the WiFi signal receiver end, his or her hands and fingers move in a unique formation and direction, generating a unique pattern in the time-series of Channel State Information (CSI) values for each key.  The keystrokes of each keyboard key introduce unique and subtle distortions in the WiFi signals which can be used to recognize exactly which key was pressed.  The authors developed a keystroke extraction algorithm that utilized CSI streams to identify which key was depressed by the user.  As background information, CSI values are already being used to detect larger scale human movements including falling, general household activities, the presence or absence of humans and estimating the number of people in a crowd.   In this research, the authors are looking at the micro-movements of human hands and fingers when they type on a keyboard, taking CSI research to a whole new level.   
Here is a quote from the paper showing how data was collected:

To evaluate the accuracy of WiKey, we collected training and testing dataset from 10 users. These 10 users were general university students who volunteered for the experiments and only 2 out of them had some know how of wire- less communication. Users 1–9 first provided 30 samples for each of the 37 keys (26 alphabets, 10 digits and 1 space and 1 space bar) by pressing that key multiple times. After this, these users typed the sentence; the quick brown fox jumped over the lazy dog two times, without spaces.

To evaluate how the number of training samples impact the accuracy, we collected 80 samples for each of the 37 keys from User 10. Afterwards, this user typed each of the following sentences 5 times, without spaces; the quick brown fox jumps over the lazy dog, nobody knew why the candles blew out, the autumn leaves look like golden snow, nothing is as profound as the imagination, my small pet mouse escaped from his cage.   We asked users to type naturally with multiple fingers but only press one key at a time while keeping the average keystroke inter-arrival time at 1 second. After recording the CSI time series for each of the above experiments, we first applied our keystroke extraction algorithm on those recorded CSI time series to extract the CSI waveforms for individual keys and then extracted the DWT based shape features from each of the extracted keystroke waveforms.

The authors evaluated the accuracy of their keystroke extraction algorithm in terms of the detection ratio, the ratio of the total number of correctly detected keystrokes in a CSI time series divided by the total number of actually keystrokes.  The authors discovered that WiKey was able to detect that a keystroke had taken place 97.5 percentile of the time with at range of between 91.8 percent and 100 percent for the ten users and that there was a 96.4 percent accuracy rate in classifying single keystrokes.  The keystrokes that were most often missed were those where there is little movement of the user's fingers, for example, when typing the keys "a", "d", "f", "i", "j" and "x", the user's hands and fingers move very little, resulting in undetected variations in CSI values.

Here are two graphs showing the accuracy of WiKey for the 26 alphabetical keys and for 37 keys (26 alphabetical, one space bar and 10 digits) on a standard keyboard:

WiKey is capable of recognizing an overall keystroke accuracy of 83.46 percent in the case of 26 alphabetical keys and 82.87 percent in the case of 37 keys including numerical keys and the space bar.  In real-world experiments, WiKey can recognize keystrokes in a continuously typed sentence with an accuracy of 93.5 percent.  

There are some limitations to WiKey.  It is currently designed for and tested with only two persons in a room (the tester and the user) and would have to be altered (trained) to deal with addition motion (i.e. having multiple people walking around in a library setting).  The authors believe that WIKey can be developed to subtract the waveforms of non-keyboard related motion.   As well, the authors tested WiKey using the same keyboard for all users with transceivers being located at the same distance and in the same direction with respect to the keyboard.  The authors also instructed the users not to move their heads or other body parts significantly when typing, however, they were allowed to make small neutral motions including arm and shoulder movements.

While there are obviously limits to the ability to detect keystrokes using WiFi at this point in time because the technology is still in its infancy, the technique developed by the authors of this paper shows that micro-gestures can be used to detect a user's keystrokes using commercially available equipment and WiKey.  In the future, the authors plan to adapt their system to deal with the real world environment where users' behaviours are less predictable and there is more background "noise".  From what these four gentlemen have proven thus far and with the ubiquitous nature of WiFi in today's world, it is only a matter of time before this technology is widely used by the world's intelligence networks, prying even further into what little remains of our privacy.

No comments:

Post a Comment