Soundarya Ramesh and Rui Xiao, National University of Singapore; Anindya Maiti, University of Oklahoma; Jong Taek Lee, Harini Ramprasad, and Ananda Kumar, National University of Singapore; Murtuza Jadliwala, University of Texas at San Antonio; Jun Han, National University of Singapore
Lock picking and key bumping are the most common attacks on traditional pin tumbler door locks. However, these approaches require physical access to the lock throughout the attack, increasing suspicion and chances of the attacker getting caught. To overcome this challenge, we propose Keynergy, a stealthy offline attack that infers key bittings (or secret) by substantially extending and improving prior work that only utilizes a still image of the key. Keynergy effectively utilizes the inherent audible “clicks” due to a victim's key insertion, together with video footage of the victim holding the key, in order to infer the victim's key's bittings. We evaluate Keynergy via a proof-of-concept implementation and real-world experiments comprising participants who perform multiple key insertions across a total of 75 keys, with the related audio recorded using different microphone types placed at varying distances. We demonstrate that Keynergy achieves an average reduction rate of around 75% with an acoustics-based approach alone. When we combine both acoustics and video together, Keynergy obtains a reduced keyspace below ten keys for 8% of the keys (i.e., six keys out of 75 keys tested).
author = {Soundarya Ramesh and Rui Xiao and Anindya Maiti and Jong Taek Lee and Harini Ramprasad and Ananda Kumar and Murtuza Jadliwala and Jun Han},
title = {Acoustics to the Rescue: Physical Key Inference Attack Revisited},
booktitle = {30th USENIX Security Symposium (USENIX Security 21)},
year = {2021},
isbn = {978-1-939133-24-3},
pages = {3255--3272},
url = {https://www.usenix.org/conference/usenixsecurity21/presentation/ramesh},
publisher = {USENIX Association},
month = aug
}