I've been involved in a few pieces of research on the theme of side-channel attacks in the past year.
- T. Andrade, M. Smith-Creasey and J. F. Roscoe, "Discerning User Activity in Extended Reality Through Side-Channel Accelerometer Observations", 18th International Conference on Intelligence and Security Informatics (ISI), IEEE, 2020 (Best Presentation Award)
- J. F. Roscoe and M. Smith-Creasey, "Unconventional Mechanisms for Biometric Data Acquisition via Side-Channels", SIN '20: 13th International Conference on Security of Information and Networks, ACM, 2020
- J. F. Roscoe and M. Smith-Creasey, "Acoustic Emanation of Haptics as a Side-Channel for Gesture-Typing Attacks", International Conference on Cyber Security and Protection of Digital Services (Cyber Security), IEEE, 2020
It's always interesting when you can see technology being applied in ways you don't expect. When it's a security risk, the mitigation can often be challenging.
In the case of acoustic cryptanalysis of haptic feedback when gesture typing, we have surmised there are just a few mitigation options, which have been filed as patent PCT/EP2021/054386.
Data entry on computing devices such as smartphones, tablets, laptops or other devices can include the entry of secret, confidential, private or other sensitive information. Such data is susceptible to interception by third parties such as malicious parties during a data input process. Accordingly, it is desirable to provide protections against data interception during a data input process.
According to a first aspect of the present invention, there is provided a computer implemented method to protect data input to a user input device from detection, the device including an artificial haptic feedback mechanism arranged to generate an occurrence of haptic feedback for sensing by a user of the device in response to each input gesture on the device by the user, characterised in that at least a subset of each occurrence of haptic feedback is adjusted with respect to a previous occurrence of haptic feedback by one or more of: a timing of the haptic feedback with respect to a time of occurrence of a corresponding input gesture; an adjustment to a duration of haptic feedback relative to a duration of the previous occurrence of haptic feedback; and a generation of one or more additional occurrences of haptic feedback.
With traditional haptics, security requires a tradeoff with usefulness, though there are no doubt alternative approaches that will be revealed over time.
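A sketch of the three adjustments named in the claim above (timing, duration, additional occurrences), written as an added example; it is not code from the patent or the papers. The function names, the `Pulse` type and every parameter value (delay bound, jitter, decoy probability) are assumptions chosen for illustration.

```python
import random
from dataclasses import dataclass

@dataclass(frozen=True)
class Pulse:
    start_ms: float     # when the actuator fires
    duration_ms: float  # how long it vibrates
    decoy: bool         # True if it answers no gesture (internal bookkeeping only)

def schedule_haptics(gesture_times_ms, rng=None, base_ms=20.0, max_delay_ms=40.0,
                     jitter_ms=8.0, min_step_ms=1.0, decoy_prob=0.5,
                     decoy_window_ms=150.0):
    """Return the pulse train the actuator would play for the given gestures."""
    if jitter_ms < 2 * min_step_ms:
        raise ValueError("jitter_ms too small to vary duration by min_step_ms")
    if rng is None:
        rng = random.SystemRandom()  # OS entropy unless a seeded RNG is passed
    pulses, prev = [], base_ms
    for t in gesture_times_ms:
        # 1. Timing: delay the feedback by a random amount after the gesture.
        start = t + rng.uniform(0.0, max_delay_ms)
        # 2. Duration: must differ from the previous occurrence's duration.
        dur = prev
        while abs(dur - prev) < min_step_ms:
            dur = base_ms + rng.uniform(-jitter_ms, jitter_ms)
        pulses.append(Pulse(start, dur, False))
        prev = dur
        # 3. Additional occurrence: sometimes emit a pulse tied to no gesture.
        if rng.random() < decoy_prob:
            d_start = t + rng.uniform(max_delay_ms, decoy_window_ms)
            d_dur = base_ms + rng.uniform(-jitter_ms, jitter_ms)
            pulses.append(Pulse(d_start, d_dur, True))
    return sorted(pulses, key=lambda p: p.start_ms)

def observed_gaps(pulses):
    """Inter-pulse gaps: what an acoustic observer can measure (no decoy flag)."""
    starts = [p.start_ms for p in pulses]
    return [round(b - a, 3) for a, b in zip(starts, starts[1:])]

if __name__ == "__main__":
    gestures = [0.0, 300.0, 600.0, 900.0]  # constructed gesture timestamps
    train = schedule_haptics(gestures, rng=random.Random(7))
    for p in train:
        print(p)
    print("gaps heard:", observed_gaps(train))
```

The bounds on delay and jitter are where the usability tradeoff sits: wider ranges decouple the sound from the gesture more, but the feedback feels less tied to the touch.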
Other approaches have involved the use of white noise or targeted noise-cancelling hardware.