
From Electromyogram to Password: Exploring the Privacy Impact of Wearables in Augmented Reality

Published: 04 September 2017

Abstract

With the increasing popularity of augmented reality (AR) services, providing seamless human-computer interactions in the AR setting has received notable attention in the industry. Gesture control devices have recently emerged to be the next great gadgets for AR due to their unique ability to enable computer interaction with day-to-day gestures. While these AR devices are bringing revolutions to our interaction with the cyber world, it is also important to consider potential privacy leakages from these always-on wearable devices. Specifically, the coarse access control on current AR systems could lead to possible abuse of sensor data.

Although always-on gesture sensors are frequently cited as a privacy concern, there has not been any study of information leakage from these devices. In this article, we present our study on side-channel information leakage from the most popular gesture control device, Myo. Using signals recorded from the electromyography (EMG) sensor and accelerometers on Myo, we can recover sensitive information such as passwords typed on a keyboard and PIN sequences entered through a touchscreen. The EMG signal records the subtle electric currents of muscle contractions. We design novel algorithms based on dynamic cumulative sum and wavelet transform to determine the exact time of finger movements. Furthermore, we adopt the Hudgins feature set in a support vector machine to classify recorded signal segments into individual fingers or numbers. We also apply coordinate transformation techniques to recover fine-grained spatial information from the low-fidelity sensor outputs in keystroke recovery.

We evaluated the information leakage using data collected from a group of volunteers. Our results show that there is severe privacy leakage from these commodity wearable sensors. Our system recovers complex passwords constructed with lowercase letters, uppercase letters, numbers, and symbols with a mean success rate of 91%.


            • Published in

              ACM Transactions on Intelligent Systems and Technology  Volume 9, Issue 1
              Regular Papers and Special Issue: Data-driven Intelligence for Wireless Networking
              January 2018
              258 pages
              ISSN:2157-6904
              EISSN:2157-6912
              DOI:10.1145/3134224
              • Editor:
              • Yu Zheng

              Copyright © 2017 ACM

              © 2017 Association for Computing Machinery. ACM acknowledges that this contribution was authored or co-authored by an employee, contractor or affiliate of the United States government. As such, the United States Government retains a nonexclusive, royalty-free right to publish or reproduce this article, or to allow others to do so, for Government purposes only.

              Publisher

              Association for Computing Machinery

              New York, NY, United States

              Publication History

              • Published: 4 September 2017
              • Accepted: 1 April 2017
              • Revised: 1 February 2017
              • Received: 1 November 2016


              Qualifiers

              • research-article
              • Research
              • Refereed
