Smart devices are increasingly used in our daily lives. Many of these devices contain a variety of sensors that measure quantities such as body movements, muscle activity, heart activity, body temperature and much more. On the one hand, these technologies create exciting opportunities like improving the users’ health and daily life by self-tracking or by using novel human-computer interfaces. On the other hand, they create potential attack vectors to infer unwanted and intimate details about a person and their actions.
Subarea C.1 aims to understand the implications of such sensor-based side-channel inferences in order to (1) inform about potential privacy risks and (2) derive specific counter-measures to (3) empower everyone in their daily life with sensors.
Current PhD project of subarea C.1:
Information (In-)security of Human-Centric Sensor Data
In our world of increasingly complex computing systems it becomes more and more difficult to stay in control of the information gathered by sensors of everyday devices. An increasing number of more accurate sensors create opportunities but also possibilities to violate the privacy of users in ways they are often unaware of. Wearables with typical human-centric sensors like accelerometers or gyroscopes, but also with emerging sensors like electromyographic sensors, can be exploited to infer human actions like typing on a keyboard.
The effectiveness of such human-targeted keylogging side-channel attacks varies with different sensor modalities and different sensor locations, but also under varying typing settings. Similarly, the success of such an attack also depends on the victims themselves (e.g. on their typing style, physiological differences, etc.), as well as on the actual input to be retrieved. On the one hand, continuous text is usually typed faster than unstructured text, possibly increasing the difficulty to discern individual keystrokes. On the other hand, they are constrained by the structure of the language used, easing a potential attack.
In my thesis, I will focus on developing a framework to study the effectiveness of keylogging side-channel attacks when using different sensor modalities in varying settings on different persons. With this framework, I am pursuing the goal of making the privacy risks of using human-centric sensors more tangible, deriving defenses and showing capabilities of such side-channel attacks under varying conditions.