Recent work (i.e., Timing Analysis of Keystrokes and Timing Attacks on SSH, published by Song, Wagner and Tian of the University of California, Berkeley, hereinafter “The Berkeley Article”) has demonstrated the possibility to at least partially infer the content of encrypted keyboard keystroke data from inter-keystroke timing. Such inter-keystroke timing was found to be substantially constant between given key pairs. The Berkeley Article focused on the security of remote access over a wide area network (WAN) using secure shell (SSH) sessions. The Berkeley Article is concerned with security problems and solutions in WAN applications.
The UC Berkeley team demonstrated that they could reliably detect the length of passwords composed of randomly selected alpha-numeric characters. They also created an algorithm that ordered all possible character combinations for the given password length in probability order, with the correct password typically occurring in the top 1-2% of the list. The team found that inter-keystroke intervals typically varied between a high of 10s milliseconds and a low of hundreds of milliseconds (most being in the range 50-300 ms). Normal latency variations and polling intervals found in Universal Serial Bus (USB) keyboards, for example, will not sufficiently obscure inter-keystroke timing to provide a useful measure of security.
Referring to FIG. 1, a system 10 is shown illustrating a conventional wireless environment. The system 10 illustrates a keyboard 12 and a PC 14. The keyboard 12 has an emitter 16 that transmits signals that are received by a receiver 18. A typical wireless keyboard application in a personal computer (PC) environment is substantially more vulnerable to attack than the kind of WAN applications studied by the Berkeley team for one or more of the following reasons.
First, wireless keyboards typically encrypt the keystrokes that they send, but transmit particular new keystrokes immediately after they are detected. Wireless keyboards are not typically polled (i.e., periodically queried) because of power constraints.
Second, PC users do not typically use random passwords even for secure applications such as on-line banking. Rather, PC users typically use real words or combinations of real words. Searching the ranked probability list for key phrases (i.e., words, combinations of words, dates, etc.) would in many cases produce a manageably small list of candidate passwords.
Furthermore, even corporations do not typically require the use of random passwords by employees. Ease of memorization and a requirement to use both letters and numbers often results in passwords of the form “2easy2learn”. This type of password “word” syntax could potentially be added to a real word search engine, further increasing vulnerability.
Wireless communications are much easier to intercept than WAN communications. Although typical applications have normal operating distances of a few feet, sophisticated receiving equipment could receive the signals several hundred feet away (i.e., in a parking lot outside a building, or on the street outside a house). The danger of interception being detected is therefore also dramatically reduced.
Vulnerability is magnified enormously when combined with vulnerability to eavesdropping equipment such as Tempest equipment. For example, a light truck could contain such eavesdropping equipment that can recreate and display everything displayed on a computer screen within a building from a nearby parking lot or street. The ability of such attacks to obtain password data has been limited because passwords are typically blocked out, often with asterisks. However, adding wireless keyboard interception may allow an eavesdropping attack to also reveal passwords.
While the results from Berkeley teams were based on a single interception, interceptions of multiple logons would be straightforward when combined with an eavesdropping attack. Such a combination could dramatically improve the effectiveness of the inference algorithm. Furthermore, the results in The Berkeley Article did not rely on a training session (i.e., a period of time in which the keystrokes of a user could be observed). A hardware-assisted attack could allow an algorithm to undertake a protracted learning period, substantially improving the accuracy of hidden keystroke inference.
Even without a hardware assisted attack, various other attacks are possible. Often the first thing typed after a period of keyboard inactivity will be a password or user ID and password. Therefore, attempting to infer the content of the first few keystrokes after a long gap would represent a powerful attack, especially if the user ID of a particular password were known, which is often the case.
As demonstrated, existing wireless keyboards can be vulnerable to a timing attack, laying users open to numerous types of fraud, loss of privacy, etc. As discussed, an unauthorized interception of the wireless transmission can introduce security vulnerabilities.
It would be desirable to implement a method and/or architecture for minimizing security risks of devices that are implemented in potentially vulnerable environments. The system may artificially alter (e.g., outside of transmission parameters of a particular transmission protocol) the timing between keystrokes to minimize unauthorized deciphering of passwords passed on the timing between keystrokes.