Keyboard Acoustic Side Channel Attacks on Android Phones in the AI Era of Digital Banking: An Elementary Review

Authors

  • Mamta B. Savadatti Dept. of ECE, New Horizon College of Engineering, Bengaluru, India
  • Nikita J. Kulkarni Associate Professor, K J College of Engineering and Management Research, Pune, Computer Engineering Department
  • Geetanjali Devendra Bansod Assistant Professor, KJ College of Engineering management and research, Pune, Computer Engineering Department
  • Paramita Sarkar Assistant Professor, Department of C.S.E, JIS UNIVERSITY
  • Praveen Kumar Professor & Head, Department of Mathematics and Computer Science, J V Jain College Saharanpur UP-247001(Bharat)
  • Kumar Sargam Department of Theatre & Music, Lovely Professional University, Phagwara India
  • Payal Gulati Assistant Professor, Department of Computer Engineering, J.C. Bose UST, YMCA, Haryana
  • Ajay Sudhir Bale Dept. of ECE, New Horizon College of Engineering, Bengaluru, India

Keywords:

side-channel attacks, security threats, cryptography, digital banking, online banking, cyber-security

Abstract

The banking and finance industry has seen immense transformation as a result of the growth of financial technology (FinTech) in areas including wireless Internet, big data, cloud computing, internet search engines, and blockchains, requiring conventional banks to modernize. The so-called "AI effect" describes how actions formerly deemed to need "intelligence" are often dropped with the perspective of AI as machines get greater abilities. It's established that keyboard acoustic side channel attacks may use the audible emission from keystrokes to roughly guess the passwords/PINs that were entered. By using numerous methods and vectors of attack, including triangulation, keypad geometry, and extraction of features and categorization, experts have kept trying to increase the effectiveness, but a lot of effort has been missing in creating a functional defence mechanism against this type of attacks, even though research is continuously being done to better improve acoustic side channel attacks. The article examines the safety risks and holes in online banking,  it also offers a thorough analysis of side-channel attacks (SCA) unique to digital banking in the era of AI, which hasn't been done before. Current research issues and possible future avenues are also covered in the paper.

Downloads

Download data is not yet available.

References

McCarthy, John; Minsky, Marvin; Rochester, Nathan; Shannon, Claude (1955). "A Proposal for the Dartmouth Summer Research Project on Artificial Intelligence". Archived from the original on 26 August 2007. Retrieved 30 August 2007.

Suchismita Gupta, Bikramjit Sarkar, Subhrajyoti Saha et al. A Novel Approach Toward the Prevention of the Side Channel Attacks for Enhancing the Network Security, 20 September 2022, PREPRINT (Version 1) available at Research Square [https://doi.org/10.21203/rs.3.rs-2074983/v1]

Randolph, M.; Diehl, W. Power Side-Channel Attack Analysis: A Review of 20 Years of Study for the Layman. Cryptography 2020, 4, 15.

Mehdiabadi, A.; Shahabi, V.; Shamsinejad, S.; Amiri, M.; Spulbar, C.; Birau, R. Investigating Industry 5.0 and Its Impact on the Banking Industry: Requirements, Approaches and Communications. Appl. Sci. 2022, 12, 5126. https://doi.org/10.3390/app12105126

David, L.; Kaulihowa, T. The Impact of E-Banking on Commercial Banks’ Performance in Namibia. Int. J. Econ. Financ. Res. 2018, 4, 313–3

Meher, B.K.; Hawaldar, I.T.; Mohapatra, L.; Spulbar, C.; Birau, R.; Rebegea, C. The impact of digital banking on the growth of Micro, Small and Medium Enterprises (MSMEs) in India: A case study. Bus. Theory Pract. 2021, 22, 18–28.

Panda, S.; Liu, Y.; Hancke, G.P.; Qureshi, U.M. Behavioral Acoustic Emanations: Attack and Verification of PIN Entry Using Keypress Sounds. Sensors 2020, 20, 3015. https://doi.org/10.3390/s20113015

Kuhn, M.G.; Anderson, R.J. Soft tempest: Hidden data transmission using electromagnetic emanations. In Proceedings of the International Workshop on Information Hiding, Portland, OR, USA, 14–17 April 1998; pp. 124–142.

Qiao, H.; Liu, Y.; Yang, A.; Hancke, G. Preventing overshadowing attacks in self-jamming audio channels. IEEE Trans. Dependable Secur. Comput. 2018.

Friedman, J. Tempest: A signal problem. NSA Cryptologic Spectr. 1972, 35, 76.

Loughry, J.; Umphress, D.A. Information leakage from optical emanations. ACM Trans. Inf. Syst. Secur. (TISSEC) 2002, 5, 262–289

Murdoch, S.J.; Drimer, S.; Anderson, R.; Bond, M. Chip and PIN is Broken. In Proceedings of the 2010 IEEE Symposium on Security and Privacy, Oakland, CA, USA, 16–19 May 2010; pp. 433–446.

Anderson, R.; Murdoch, S.J. EMV: Why payment systems fail. Commun. ACM 2014, 57, 24–28.

Bond, M.; Choudary, O.; Murdoch, S.J.; Skorobogatov, S.; Anderson, R. Chip and Skim: Cloning EMV cards with the pre-play attack. In Proceedings of the 2014 IEEE Symposium on Security and Privacy, San Jose, CA, USA, 18–21 May 2014; pp. 49–64.

Shumailov, I.; Simon, L.; Yan, J.; Anderson, R. Hearing your touch: A new acoustic side channel on smartphones. arXiv 2019, arXiv:1903.11137

Yu, J.; Lu, L.; Chen, Y.; Zhu, Y.; Kong, L. An indirect eavesdropping attack of keystrokes on touch screen through acoustic sensing. IEEE Trans. Mob. Comput. 2019.

Zhou, M.; Wang, Q.; Yang, J.; Li, Q.; Jiang, P.; Chen, Y.; Wang, Z. Stealing Your Android Patterns via Acoustic Signals. IEEE Trans. Mob. Comput. 2019

Kocher, P.C. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In Proceedings of the Annual International Cryptology Conference, Santa Barbara, CA, USA, 18–22 August 1996; pp. 104–113.

Kocher, P.; Jaffe, J.; Jun, B. Differential power analysis. In Proceedings of the Annual International Cryptology Conference, Santa Barbara, CA, USA, 15–19 August 1999; pp. 388–397.

Genkin, D.; Shamir, A.; Tromer, E. RSA key extraction via low-bandwidth acoustic cryptanalysis. In Proceedings of the Annual Cryptology Conference, Santa Barbara, CA, USA, 17–21 August 2014; pp. 444–461.

Chandrashekar, A.; Kumar, P.V.; Chandavarkar, B. Comparative Analysis of Modern Mobile Operating Systems. In Proceedings of the 2021 12th International Conference on Computing Communication and Networking Technologies (ICCCNT), Kharagpur, India, 6–8 July 2021; pp. 1–7.

Mahor, V.; Pachlasiya, K.; Garg, B.; Chouhan, M.; Telang, S.; Rawat, R. Mobile Operating System (Android) Vulnerability Analysis Using Machine Learning. In Proceedings of the International Conference on Network Security and Blockchain Technology, Huaihua City, China, 15–17 July 2022; Springer: Berlin/Heidelberg, Germany, 2022; pp. 159–169.

Senanayake, J.; Kalutarage, H.; Al-Kadri, M.O.; Petrovski, A.; Piras, L. Android source code vulnerability detection: A systematic literature review. ACM Comput. Surv. 2023, 55, 1–37.

Muhammad, Z.; Anwar, Z.; Javed, A.R.; Saleem, B.; Abbas, S.; Gadekallu, T.R. Smartphone Security and Privacy: A Survey on APTs, Sensor-Based Attacks, Side-Channel Attacks, Google Play Attacks, and Defenses. Technologies 2023, 11, 76. https://doi.org/10.3390/technologies11030076. [24a]. Park, J.; Yoo, J.; Yu, J.; Lee, J.; Song, J. A Survey on Air-Gap Attacks: Fundamentals, Transport Means, Attack Scenarios and Challenges. Sensors 2023, 23, 3215. https://doi.org/10.3390/s23063215

Bolton, R.J.; Hand, D.J. Unsupervised Profiling Methods for Fraud Detection. In Proceedings of the Credit Scoring and Credit Control VII, Edinburgh, UK, 5–7 September 2001.

Bolton, R.J.; Hand, D.J. Statistical fraud detection: A review. Stat. Sci. 2002, 17, 235–249.

Srivastava, A.; Kundu, A.; Sural, S.; Majumdar, A. Credit card fraud detection using hidden Markov model. IEEE Trans. Dependable Secur. Comput. 2008, 5, 37–48.

Zheng, L.; Liu, G.; Yan, C.; Jiang, C. Transaction Fraud Detection based on Total Order Relation and Behavior Diversity. IEEE Trans. Comput. Soc. Syst. 2018, 5, 796–806.

Ngai, E.W.; Hu, Y.; Wong, Y.H.; Chen, Y.; Sun, X. The application of data mining techniques in financial fraud detection: A classification framework and an academic review of literature. Decis. Support Syst. 2011, 50, 559–569.

Benjamin Jackson, Mark Johnson, Andrea Ricci, Piotr Wiśniewski, Laura Martínez. Ethical Considerations in Machine Learning Applications for Decision Science. Kuwait Journal of Machine Learning, 2(4). Retrieved from http://kuwaitjournals.com/index.php/kjml/article/view/221

Pasha, M. J. ., Sreenivasulu, K. ., Ramani, B. R. ., Sunitha, M. J. ., Swetha, K., & Samunnisa, K. . (2023). Solid Waste Supervision System based on Heuristic Algorithmic approach and Internet of Things . International Journal on Recent and Innovation Trends in Computing and Communication, 11(1s), 64–70. https://doi.org/10.17762/ijritcc.v11i1s.6000

Chaudhury, S., Dhabliya, D., Madan, S., Chakrabarti, S. Blockchain technology: A global provider of digital technology and services (2023) Building Secure Business Models Through Blockchain Technology: Tactics, Methods, Limitations, and Performance, pp. 168-193.

Downloads

Published

10.11.2023

How to Cite

Savadatti, M. B. ., Kulkarni, N. J. ., Bansod, G. D. ., Sarkar, P. ., Kumar, P. ., Sargam, K. ., Gulati, P. ., & Bale, A. S. . (2023). Keyboard Acoustic Side Channel Attacks on Android Phones in the AI Era of Digital Banking: An Elementary Review. International Journal of Intelligent Systems and Applications in Engineering, 12(4s), 292–300. Retrieved from https://ijisae.org/index.php/IJISAE/article/view/3792

Issue

Vol. 12 No. 4s (2024)

Section

Research Article

License

Copyright (c) 2023 Mamta B. Savadatti, Nikita J. Kulkarni, Geetanjali Devendra Bansod, Paramita Sarkar, Praveen Kumar, Kumar Sargam, Payal Gulati, Ajay Sudhir Bale

Creative Commons License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

All papers should be submitted electronically. All submitted manuscripts must be original work that is not under submission at another journal or under consideration for publication in another form, such as a monograph or chapter of a book. Authors of submitted papers are obligated not to submit their paper for publication elsewhere until an editorial decision is rendered on their submission. Further, authors of accepted papers are prohibited from publishing the results in other publications that appear before the paper is published in the Journal unless they receive approval for doing so from the Editor-In-Chief.

IJISAE open access articles are licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. This license lets the audience to give appropriate credit, provide a link to the license, and indicate if changes were made and if they remix, transform, or build upon the material, they must distribute contributions under the same license as the original.

Most read articles by the same author(s)