Issues

Government Authentication
Personal Identity
Federal Standards
Governance
R&D
Resources
Legislation and Policy
Liability
Power Grid
Procurement


Library

o Government Authentication Library
o Personal Identity Library
o Federal Standards Library
o Governance Library
o R&D Library
o Resources Library
o Legislation and Policy Library

CRE Interventions
  Agency Administrative Actions
  Rulemaking
  Litigation

 ICANNfocus Archives

 

The Sound of One Finger Typing
A recent study by a Professor of Computer Science at U.C. Berkeley demonstrated that the sound of the computer keyboard can give away what is being typed. Each keystroke on a computer has a slightly different sound. The Professor and his team were able to write a program exploiting this sonic difference to decode what was being typed. Accuracy was improved by applying a spelling and grammar checker as well as using the program on an iterative basis. Accuracy can be as high as 96% for characters and 88% for words. Shift, caps lock and a few other keys still give the program a few problems.

"It's a form of acoustical spying that should raise red flags among computer security and privacy experts. If we were able to figure this out, it's likely that people with less honorable intentions can, or have, as well," the Professor explained.

The lesson of the story is not to develop silent keyboards, although they may be appropriate in certain circumstances. Instead, the findings highlight the need for federal cybersecurity experts to be increasingly creative in order to detect and defeat hacking techniques.

Federal agencies have already established a variety of policies and programs to enhance cybersecurity as well as law enforcement efforts to track down cyber-criminals. The CIA has taken the astute step of establishing a venture capital firm to fund cutting-edge technologies. What is also needed is for the government to look at next generation cyber-threats – before they are employed. Although new threats may be high tech, they could also simply be the ingenious use of existing tools and techniques.

Although federal efforts to imagine and address potential new cyber-threats could take many forms, they should include two elements: 1) participation by the private sector and academia; and 2) security measures to ensure that the project does not act as a tip sheet for the malevolently inclined.

  • See Scientific American article

  • Copyright © 2005 The Center for Regulatory Effectiveness.
    All rights reserved.