• Home

  • Documents

  • Timing Attac ks on Obfuscated User Generated StreamsTiming Attac ks on Obfuscated User Generated...
1
Timing Attacks on Obfuscated User Generated Streams Charles Poole, Sidafa Conde Department of Mathematics, University of Massachusetts Dartmouth Abstract Keyboarding text can be thought of as a process of making transitions from one state (letter or keyboard symbol) to another. Associated with each transition is a real number the time taken to type the second symbol following the first symbol. Similarly, written text gives rise to a discrete time series of keyboard distances be- tween successive symbols (including spaces). We will discuss how correlating the above two time series as- sists us in building a model of what is being typed from the time intervals between successive symbol pairs. Such a model is very useful in security issues, such as to decipher text through recorded time between succes- sive key strokes, as in Secure Shell (SSH) data. Also of interest, and to be discussed, is whether different typ- ing styles lead to a proportionate decrease or increase in keyboarding times across all letter pairs, or whether there are essentially different keyboarding styles, and, if so, how those styles can be determined from time series data. We examine whether the state transition times for keyboarding form a Markov chain. Introduction Objectives K EYBOARDING can be thought of as a process of making transitions from one state to another. We explored these transitions with the following goals in mind: Collect and Analyze Inter-stroke Timing Data Explore Relationships Between Keypairs Attempt to Identify Keystrokes from Timing Data with High Degree of Confidence History Since humans began interacting with technology to send information there have been timing attacks on these streams. ”Fisting” was used to identify wireless telegraph op- erators in WWII Early versions of SSH allowed users to be identified by packet cadence Companies use shopping information to target ads to customers Keystroke Dynamics Keystroke Dynamics is the study of the manner and rhythm in which a person types. Several factors are typically unknown from a sample of writing. Was it typed rapidly or slowly? When capitalizing how did the person do it? Was the pace the person typed constant? How many mistakes were made before the pre- sented version was produced? Methods Distance Model Our first thought was to investigate the distance be- tween keypairs. This is the distance from the home key responsible for each key in mm. We hoped there would be a relationship between dis- tance and time. Keypairs This is a frequency table of each keypair in a ten thou- sand word dictionary. Time Series A Time series is a sequence of data points, mea- sured at times steps. We view each key pair as a time step, and time be- tween as the data. We can then use Auto-Regression in an attempt to find correlation Probability Model NIG is a form of generalized hyperbolic distributions We use it because there is a probability of far-field behavior Meaning, that we want fat tails on our probability model Research Keyboarding Biometrics Hot Spots So there should be the same hotspots in everyday typ- ing, right? Here are keypair maps produced from three typists. Not really, in spoken and typed english there is repeti- tion. Also, each person will have a unique map repre- senting their pair frequency. Keyboard Fingerprinting People generate a massive sample of their writing styles online Accessing this information is often trivial By adding this information we hope to increase our confidence level Here are three sample facebook status updates. The Rhythm Method Autocorrelation can be thought of as the evaluation of the correlation of a time series as a function of the time steps. Autocorrelation has importance in two ways for this research. We autocorrelate against a database of timing infor- mation to try and find matches up to a certain size. We try and find the subjects typing rhythm. The rhythm is used to adapt the data to try and in- crease the confidence level of our correlation Furthermore At this point we’re still researching keyboarding rhythms and how to auto-adapt our data to provide real results. Allow just timing data to be entered for testing Work on adaptive algorithms for fitting data Produce results from timing information.

Timing Attac ks on Obfuscated User Generated StreamsTiming Attac ks on Obfuscated User Generated Streams Charles P oole , Sidafa Conde Depar tment of Mathematics , Univ ersity of Massachusetts

  • Upload
    others

  • View
    6

  • Download
    0

Embed Size (px)

Citation preview

  • Timing Attacks on Obfuscated User Generated StreamsCharles Poole, Sidafa Conde

    Department of Mathematics,University of Massachusetts Dartmouth

    Abstract

    Keyboarding text can be thought of as a process ofmaking transitions from one state (letter or keyboardsymbol) to another. Associated with each transition is areal number the time taken to type the second symbolfollowing the first symbol. Similarly, written text givesrise to a discrete time series of keyboard distances be-tween successive symbols (including spaces). We willdiscuss how correlating the above two time series as-sists us in building a model of what is being typed fromthe time intervals between successive symbol pairs.Such a model is very useful in security issues, such asto decipher text through recorded time between succes-sive key strokes, as in Secure Shell (SSH) data. Also ofinterest, and to be discussed, is whether different typ-ing styles lead to a proportionate decrease or increasein keyboarding times across all letter pairs, or whetherthere are essentially different keyboarding styles, and,if so, how those styles can be determined from timeseries data. We examine whether the state transitiontimes for keyboarding form a Markov chain.

    Introduction

    Objectives

    KEYBOARDING can be thought of as a process ofmaking transitions from one state to another. Weexplored these transitions with the following goals inmind:• Collect and Analyze Inter-stroke Timing Data• Explore Relationships Between Keypairs• Attempt to Identify Keystrokes from Timing Data with

    High Degree of Confidence

    HistorySince humans began interacting with technology tosend information there have been timing attacks onthese streams.• ”Fisting” was used to identify wireless telegraph op-

    erators in WWII• Early versions of SSH allowed users to be identified

    by packet cadence• Companies use shopping information to target ads

    to customers

    Keystroke DynamicsKeystroke Dynamics is the study of the manner andrhythm in which a person types. Several factors aretypically unknown from a sample of writing.• Was it typed rapidly or slowly?• When capitalizing how did the person do it?• Was the pace the person typed constant?• How many mistakes were made before the pre-

    sented version was produced?

    Methods

    Distance ModelOur first thought was to investigate the distance be-tween keypairs.

    This is the distance from the home key responsible foreach key in mm.We hoped there would be a relationship between dis-tance and time.

    KeypairsThis is a frequency table of each keypair in a ten thou-sand word dictionary.

    Time Series

    • A Time series is a sequence of data points, mea-sured at times steps.

    • We view each key pair as a time step, and time be-tween as the data.

    • We can then use Auto-Regression in an attempt tofind correlation

    Probability Model• NIG is a form of generalized hyperbolic distributions• We use it because there is a probability of far-field

    behavior• Meaning, that we want fat tails on our probability

    model

    Research

    Keyboarding Biometrics

    Hot Spots

    So there should be the same hotspots in everyday typ-ing, right? Here are keypair maps produced from threetypists.

    Not really, in spoken and typed english there is repeti-tion. Also, each person will have a unique map repre-senting their pair frequency.

    Keyboard Fingerprinting

    • People generate a massive sample of their writingstyles online

    • Accessing this information is often trivial

    • By adding this information we hope to increase ourconfidence level

    Here are three sample facebook status updates.

    The Rhythm MethodAutocorrelation can be thought of as the evaluation ofthe correlation of a time series as a function of the timesteps. Autocorrelation has importance in two ways forthis research.

    • We autocorrelate against a database of timing infor-mation to try and find matches up to a certain size.

    • We try and find the subjects typing rhythm.

    • The rhythm is used to adapt the data to try and in-crease the confidence level of our correlation

    FurthermoreAt this point we’re still researching keyboarding rhythmsand how to auto-adapt our data to provide real results.

    • Allow just timing data to be entered for testing

    • Work on adaptive algorithms for fitting data

    • Produce results from timing information.


Mitigating Attac ks on Open Functionality in SMS-Capab le … · Mitigating Attac ks on Open Functionality in SMS-Capab le Cellular Netw orks P atr ick Tra ynor , William Enc k, P

Mitigating Attac ks on Open Functionality in SMS-Capab le … · Mitigating Attac ks on Open Functionality in SMS-Capab le Cellular Netw orks P atr ick Tra ynor , William Enc k, P

Documents
Mitigating Attac ks on Open Functionality in SMS-Capab le Cellular … · Mitigating Attac ks on Open Functionality in SMS-Capab le Cellular Netw orks P atr ick Tra ynor , William

Mitigating Attac ks on Open Functionality in SMS-Capab le Cellular … · Mitigating Attac ks on Open Functionality in SMS-Capab le Cellular Netw orks P atr ick Tra ynor , William

Documents
Toward dynamic analysis of obfuscated android malware

Toward dynamic analysis of obfuscated android malware

Software
POURQUOI ATTAC ?

POURQUOI ATTAC ?

Documents
Dynamic Binary Analysis and Obfuscated Codes...Dynamic Binary Analysis and Obfuscated Codes How to don’t kill yourself when you reverse obfuscated codes. Jonathan Salwan and Romain

Dynamic Binary Analysis and Obfuscated Codes...Dynamic Binary Analysis and Obfuscated Codes How to don’t kill yourself when you reverse obfuscated codes. Jonathan Salwan and Romain

Documents
Obfuscated Ciphertext Mixing - Free Haven

Obfuscated Ciphertext Mixing - Free Haven

Documents
Static Dis Assembly of Obfuscated Binaries

Static Dis Assembly of Obfuscated Binaries

Documents
ATTAC SKATTEPARADISFRIE SONER

ATTAC SKATTEPARADISFRIE SONER

Documents
An Innovative Obfuscated Code Analysis Algorithm

An Innovative Obfuscated Code Analysis Algorithm

Documents
Obfuscated Malicious Executable Scanner

Obfuscated Malicious Executable Scanner

Documents
Agua privada - Attac

Agua privada - Attac

Documents
Attac Sommerakademie Präsentation

Attac Sommerakademie Präsentation

News & Politics
Que és ATTAC?

Que és ATTAC?

Business
Dette publique : comment s'en sortir Attac Attac Rhône, décembre 2013

Dette publique : comment s'en sortir Attac Attac Rhône, décembre 2013

Documents
Steelcon 2015 Reverse-Engineering Obfuscated Android Applications

Steelcon 2015 Reverse-Engineering Obfuscated Android Applications

Software
On the Correlation Intractability of Obfuscated

On the Correlation Intractability of Obfuscated

Documents
Fighting Unicode-Obfuscated Spam - Sid Stamm

Fighting Unicode-Obfuscated Spam - Sid Stamm

Documents
attac S tuttgart Was ist ATTAC? Was will ATTAC?

attac S tuttgart Was ist ATTAC? Was will ATTAC?

Documents
Mitigating Attac ks on Open Functionality in SMS-Capab le

Mitigating Attac ks on Open Functionality in SMS-Capab le

Documents
Attac Jahresbericht 2009

Attac Jahresbericht 2009

Documents
FUORI DAL MERCATO - ATTAC Italia - ATTAC Italia · il mensile per un nuovo modello sociale di Attac Italia website: email: segreteria@attac.org 3 movimenti (Attac Napoli, Massa Critica),

FUORI DAL MERCATO - ATTAC Italia - ATTAC Italia · il mensile per un nuovo modello sociale di Attac Italia website: email: [email protected] 3 movimenti (Attac Napoli, Massa Critica),

Documents
Attac jahresbericht 2014

Attac jahresbericht 2014

Documents
libro ATTAC sobre pensiones

libro ATTAC sobre pensiones

Documents
Reversing Obfuscated Python Applications

Reversing Obfuscated Python Applications

Documents
20150412 chirashi (ATTAC Takatsuki)

20150412 chirashi (ATTAC Takatsuki)

Documents
CodeXt: Automatic Extraction of Obfuscated Attack Code ...xwangc/Publications/ISC2014-AttackCodeExtraction-final.pdf · CodeXt: Automatic Extraction of Obfuscated Attack Code from

CodeXt: Automatic Extraction of Obfuscated Attack Code ...xwangc/Publications/ISC2014-AttackCodeExtraction-final.pdf · CodeXt: Automatic Extraction of Obfuscated Attack Code from

Documents
Attac agua

Attac agua

Documents
Attac Utveier #1 / 2010

Attac Utveier #1 / 2010

Documents
Exposicion g20 ciadi attac

Exposicion g20 ciadi attac

Education
Attac Utveier #4 / 2009

Attac Utveier #4 / 2009

Documents