Data Interception Prevention

March 29, 2021, 3:17 pm

I've been involved in a few pieces of research in the theme of side-channel attacks in the past year.

It's always interesting when you can see technology being applied in ways you don't expect. When it's a security risk, the mitigation can often be challenging.

In the case of acoustic cryptanalysis of haptic feedback when gesture typing, we have surmised there are just a few mitigation options, which have been filed as patent PCT/EP2021/054386.

Data entry on computing devices such as smartphone, tablet, laptop or other devices can include the entry of secret, confidential, private or other sensitive information, Such data is susceptible to interception by third parties such as malicious parties during a data input process. Accordingly, it is desirable to provide protections against data interception during a data input process.

According to a first aspect of the present invention, there is provided a computer implemented method to protect data input to a user input device from detection, the device including an artificial haptic feedback mechanism arranged to generate an occurrence of haptic feedback for sensing by a user of the device in response to each input gesture on the device by the user, characterised in that at least a subset of each occurrence of haptic feedback is adjusted with respect to a previous occurrence of haptic feedback by one or more of: a timing of the haptic feedback with respect to a time of occurrence of a corresponding input gesture; an adjustment to a duration of haptic feedback relative to a duration of the previous occurrence of haptic feedback; and a generation of one or more addition occurrences of haptic feedback.

With traditional haptics, security requires a tradeoff with usefulness, though there are no doubt alternative approaches that will be revealed over time.

Other approaches have involved the use of white noise or targetted noise cancelling hardware.

Next Post Previous Post