How AI is used to increase the frequency of Acoustic Side Channel Attacks.

Relevance

  • GS Paper 3 Science & Technology.
  • Tags: #upsc #gspaper3 #AI #deeplearningtechnologies #acousitcsidechannelattacks.

Why in the news?

Artificial Intelligence (AI) can be used to decode passwords by analyzing the sound produced by keystrokes. The study highlighted the accuracy of Acoustic Side Channel Attacks (ASCA) when state-of-the-art deep learning models were used to classify laptop keystrokes and their mitigation.

Defining ASCA

  • To understand Acoustic Side Channel Attacks, one should know Side Channel Attacks (SCAs).
  • SCAs are a method of hacking a cryptographic algorithm based on the analysis of auxiliary systems used in the encryption method.
  • These can be performed using a collection of signals emitted by devices, including electromagnetic waves, power consumption, mobile sensors as well as sound from keyboards and printers to target devices.
  • Once collected, these signals are used to interpret signals that can be then used to compromise the security of a device.
  • In an ASCA, the sound of clicks generated by a keyboard is used to analyze keystrokes and interpret what is being typed to leak sensitive information.
  • These attacks are particularly dangerous as the acoustic sounds from a keyboard are not only readily available but also because their misuse is underestimated by users.
  • While most users hide their screens when typing sensitive information, no precautionary steps are taken to hide the sound of the keystrokes.
  • And though over time, the sound of keyboard clicks has become less profound with devices making use of non-mechanical keyboards, the technology with which the acoustics can be accessed and processed has also improved drastically.
  • Additionally, the use of laptops has increased the scope of ASCAs as laptop models have the same keyboard making it easier for AI-enabled deep learning models to pick up and interpret the acoustics.

The accuracy

  • The study found that when trained on keystrokes by a nearby phone, the classifier achieved an accuracy of 95%, the highest accuracy seen without the use of a language model.
  • When a deep learning model was trained on the data with default values, the model was able to acquire a meaningful interpretation of the data.
  • Additionally, when the AI model was made to recognize keystrokes using audio captured through a smartphone microphone, it was able to achieve 95% accuracy.

ASCA attacks

  • ASCA attacks are not new and have been around since 1950 when acoustic emanations of encryption devices were used to crack their security.
  • Over the past decades, researchers have published papers talking about the threats from ASCA attacks with the advent of modern technology that brought more microphones in close proximity to keyboards, making it easier to collect and interpret acoustic data.
  • However, with the increasing use of AI and the accuracy with which deep learning models can recognize and analyze keystrokes, the threat from ASCA has resurfaced.

Protection against ASCA

  • While there is no explicit means of defense against ASCAs, simple changes to typing could reduce the chances of attacks.
  • Using touch-based typing can also reduce the chances of successful keystroke recognition from 64% to 40%, making it more difficult for threat actors to leak sensitive information.
  • Additionally, changes in typing style and creating stronger passwords that use a combination of upper- and lower-case alphabets can make it more difficult for criminals to launch successful ASCA attacks.

Way forward

Users should also avoid the use of easily recognizable phrases which can make it easier for AI models to predict the text. Also, to reduce the threats AI encrypted models and programmes must be used to predict the security issues and generate tools to tackle the perplexed cyber issues.

Source: The Hindu

Mains Question

What do you mean by Acoustic Side Channel Attacks (ASCA). How it will be helpful in strengthening Cyber security.