TY - JOUR
T1 - From electromyogram to password
T2 - Exploring the privacy impact of wearables in augmented reality
AU - Zhang, Ruide
AU - Zhang, Ning
AU - Du, Changlai
AU - Lou, Wenjing
AU - Hou, Y. Thomas
AU - Kawamoto, Yuichi
N1 - Funding Information:
This work was supported in part by the National Science Foundation under Grants CNS-1217889, CNS-1405747, CNS-1446478, CNS-1443889. Authors’ addresses: R. Zhang, N. Zhang, and C. Du, Room 314, 7054 Haycock Road, Falls Church, VA 22043, USA; emails: {rdzhang, ningzh, leondu}@vt.edu; W. Lou, Room 304, 7054 Haycock Road, Falls Church, VA 22043, USA; email: wjlou@vt.edu; Y. Thomas Hou, 302 Whittemore Hall, Blacksburg, VA 24061, USA; email: thou@vt.edu; Y. Kawamoto, Tohoku University, Sendai 980-8577, Japan; email: youpsan@it.ecei.tohoku.ac.jp. © 2017 ACM 2157-6904/2017/09-ART13 $15.00 https://doi.org/10.1145/3078844
Publisher Copyright:
© 2017 ACM.
PY - 2017/9
Y1 - 2017/9
AB - With the increasing popularity of augmented reality (AR) services, providing seamless human-computer interactions in the AR setting has received notable attention in the industry. Gesture control devices have recently emerged to be the next great gadgets for AR due to their unique ability to enable computer interaction with day-to-day gestures. While these AR devices are bringing revolutions to our interaction with the cyber world, it is also important to consider potential privacy leakages from these always-on wearable devices. Specifically, the coarse access control on current AR systems could lead to possible abuse of sensor data. Although the always-on gesture sensors are frequently quoted as a privacy concern, there has not been any study on information leakage of these devices. In this article, we present our study on side-channel information leakage of the most popular gesture control device, Myo. Using signals recorded from the electromyography (EMG) sensor and accelerometers on Myo, we can recover sensitive information such as passwords typed on a keyboard and PIN sequence entered through a touchscreen. EMG signal records subtle electric currents of muscle contractions. We design novel algorithms based on dynamic cumulative sum and wavelet transform to determine the exact time of finger movements. Furthermore, we adopt the Hudgins feature set in a support vector machine to classify recorded signal segments into individual fingers or numbers. We also apply coordinate transformation techniques to recover fine-grained spatial information with low-fidelity outputs from the sensor in keystroke recovery. We evaluated the information leakage using data collected from a group of volunteers. Our results show that there is severe privacy leakage from these commodity wearable sensors. Our system recovers complex passwords constructed with lowercase letters, uppercase letters, numbers, and symbols with a mean success rate of 91%.
KW - Augmented reality
KW - EMG side-channel
KW - Information leakage
KW - Keystroke detection
KW - PIN sequence inference
UR - http://www.scopus.com/inward/record.url?scp=85030172268&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85030172268&partnerID=8YFLogxK
U2 - 10.1145/3078844
DO - 10.1145/3078844
M3 - Article
AN - SCOPUS:85030172268
SN - 2157-6904
VL - 9
JO - ACM Transactions on Intelligent Systems and Technology
JF - ACM Transactions on Intelligent Systems and Technology
IS - 1
M1 - 13
ER -