[8438] in cryptography@c2.net mail archive


Re: audio keyboard snooping

daemon@ATHENA.MIT.EDU (John Denker)
Sat Jan 13 14:19:12 2001

Message-Id: <4.2.2.20010113123943.00c06220@127.0.0.1>
Date: Sat, 13 Jan 2001 13:16:29 -0500
To: cryptography@c2.net
From: John Denker <jsd@research.att.com>
In-Reply-To: <Pine.LNX.4.21.0101121332370.30585-100000@bolt.sonic.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed

At 01:37 PM 1/12/01 -0800, Ray Dillinger mentioned:
>interferometry to get the exact locations
>on a keyboard of keystrokes from the sound of someone typing.

Whereupon Perry conjectured:

>A quick contemplation of the wavelength of the sounds in question
>would put an end to that speculation I suspect.

Also at 04:40 PM 1/12/01 -0800, Perry asked:
>Remember your basic science: you can't resolve something smaller than
>half a wavelength. (Well, you can, with certain techniques, but things
>get seriously hairy at that point, and in general the limit is half a
>wavelength.) Given this, it is unlikely that you're going to figure
>out whether the g or the h key was struck. If I'm wrong here, I'd like
>to hear a detailed counterargument or evidence.

So.....

1) Basic assumptions:  What wavelengths should we consider?  Just because a 
Radio Shack microphone is limited to 20kHz doesn't mean a determined 
adversary can't get a microphone with vastly more bandwidth.  The 
microphone is not a limitation.

The most fundamental limitation is the risetime of the clicks emitted by 
the keyboard.  I'm sure this varies widely from keyboard to keyboard.

2) Basic science:  A time-domain analysis (in terms of risetimes et cetera) 
is probably more illuminating than a frequency-domain analysis.

The acoustic propagation time from one key to another is 50 microsec (17.2 
mm key spacing, 345 m/s speed of sound) assuming the adversary has a 
favorable geometry.  Divide by 2 if you like as an estimate of GDoP 
(geometric dilution of precision).  Having a click with a 25 microsec 
risetime is certainly not implausible.

Conclusion:  A careful contemplation of the acoustics does not, in general, 
rule out this form of eavesdropping.  OTOH a careful spook could buy a 
non-clicky keyboard.

3) MORE IMPORTANTLY, the analysis seems a bit pointless, rather like 
picking the lock on the side door while the front door stands open.  That 
is, if I have a clicky keyboard, it is likely that certain keys emit 
systematically different clicks.  Certainly that is true for the keyboard I 
am using at the moment.  If we consider these clicks to be the codetext 
alphabet, then only a rather simple substitution cipher, with perhaps some 
lossy compression, stands between the adversary and my secrets (plaintexts 
as well as keys).
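An added worked example, not part of Denker's message, that carries his numbers from point 2 (17.2 mm key pitch, 345 m/s sound speed, a 25 microsec click risetime) through a whole key grid rather than one pair of adjacent keys. Since the instant of the keystroke itself is unknown, what can actually be measured is the time-difference-of-arrival (TDOA) of one click at two or more microphones; the microphone placement and the flat, unstaggered key grid below are assumptions, not measurements.

```python
"""Added example (not from the original message): computes click TDOAs for
every key of an assumed grid and counts how many keys remain distinguishable
at a given timing resolution.  Keys whose TDOAs collide within the resolution
are the geometric dilution of precision (GDoP) the message mentions."""
import math

SPEED_OF_SOUND = 345.0   # m/s, as in the message
KEY_PITCH = 0.0172       # m, 17.2 mm key spacing, as in the message


def key_positions(rows, cols, pitch=KEY_PITCH):
    """Constructed key grid on the plane z = 0: rows along y, columns along x."""
    return [(c * pitch, r * pitch, 0.0) for r in range(rows) for c in range(cols)]


def tdoa(key, mic_a, mic_b, c=SPEED_OF_SOUND):
    """Seconds by which the click reaches mic_a later than mic_b."""
    return (math.dist(key, mic_a) - math.dist(key, mic_b)) / c


def tdoa_vector(key, mics):
    """TDOAs of one click at each microphone, relative to mics[0]."""
    return [tdoa(key, m, mics[0]) for m in mics[1:]]


def distinguishable_keys(keys, mics, resolution):
    """Count keys whose TDOA vector differs from every other key's by at least
    `resolution` seconds in some component; keys that collide within the
    resolution cannot be told apart from click timing alone."""
    vecs = [tdoa_vector(k, mics) for k in keys]
    count = 0
    for i, vi in enumerate(vecs):
        if all(any(abs(a - b) >= resolution for a, b in zip(vi, vj))
               for j, vj in enumerate(vecs) if j != i):
            count += 1
    return count


if __name__ == "__main__":
    keys = key_positions(4, 10)
    # Two mics on opposite sides along the rows resolve left/right well but
    # cannot tell rows apart; a third mic off that axis breaks the ambiguity.
    two_mics = [(-1.0, 0.0, 0.0), (1.0, 0.0, 0.0)]
    three_mics = two_mics + [(0.0, 1.0, 0.0)]
    for rise in (25e-6, 100e-6):
        print(f"{rise * 1e6:.0f} us resolution: "
              f"{distinguishable_keys(keys, two_mics, rise)} of 40 keys with 2 mics, "
              f"{distinguishable_keys(keys, three_mics, rise)} with 3 mics")
```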
