PEK - Privacy Enhancing Keyboard


PEK is a novel context-aware privacy enhancing keyboard for touch-enabled devices. When a user inputs normal text such as an email or a message, PEK shows a normal QWERTY keyboard or the system default keyboard. However, every time the user presses a password input box on the screen, PEK randomly shuffles the positions of the characters on the keyboard and shows this randomized keyboard to the user. PEK's usability is well preserved because PEK is context aware: a randomized keyboard shows up only when a user inputs a password or PIN, and users do not input passwords very often in their daily use of a touch-enabled device.

PEK can resist various attacks, including: the fingerprint attack, which discloses passwords from fingerprints left on the touch screen; attacks by malicious apps that read orientation and accelerometer data to infer tapped passwords; attacks that use the vibrations of tapping keys; attacks that exploit the thermal residue a finger leaves on the pressed keys of a keypad to infer tapped keys or PINs; and various shoulder surfing attacks.
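
A minimal model of the behaviour described above, added here as an illustration and not PEK's own code: the keyboard keeps fixed QWERTY order for ordinary fields and draws a fresh random permutation for password or PIN fields, so the screen positions revealed by smudges, heat or observed taps no longer identify characters. The input-type flag values assume Android's `android.text.InputType` constants; the function names and the sample password are constructed for this example.

```python
import secrets

# Constructed model. Flag values mirror android.text.InputType (assumed platform).
TYPE_MASK_CLASS, TYPE_MASK_VARIATION = 0x00F, 0xFF0
TYPE_CLASS_TEXT, TYPE_CLASS_NUMBER = 0x1, 0x2
TEXT_PASSWORD_VARIATIONS = {0x80, 0x90, 0xE0}  # password, visible, web password
TYPE_NUMBER_VARIATION_PASSWORD = 0x10

QWERTY = list("qwertyuiopasdfghjklzxcvbnm")
DIGITS = list("1234567890")


def is_secret_field(input_type):
    """True when the focused field is a password or PIN box."""
    cls = input_type & TYPE_MASK_CLASS
    variation = input_type & TYPE_MASK_VARIATION
    if cls == TYPE_CLASS_TEXT:
        return variation in TEXT_PASSWORD_VARIATIONS
    if cls == TYPE_CLASS_NUMBER:
        return variation == TYPE_NUMBER_VARIATION_PASSWORD
    return False


def layout_for(input_type, rng=None):
    """Key order to draw (slot index -> character) for the focused field."""
    numeric = (input_type & TYPE_MASK_CLASS) == TYPE_CLASS_NUMBER
    keys = list(DIGITS if numeric else QWERTY)
    if is_secret_field(input_type):
        # Fresh permutation per focus event, drawn from the OS CSPRNG so a
        # layout cannot be predicted from earlier ones.
        (rng or secrets.SystemRandom()).shuffle(keys)
    return keys


def slots_touched(layout, text):
    """Screen slots pressed to type `text`: all a position-based observer learns."""
    return [layout.index(ch) for ch in text]


def decode_with(layout, slots):
    """Map observed slots back to characters under an assumed layout."""
    return "".join(layout[s] for s in slots)


if __name__ == "__main__":
    shown = layout_for(TYPE_CLASS_TEXT | 0x80)       # password box focused
    slots = slots_touched(shown, "hunter")           # constructed sample password
    print("typed on shown layout :", decode_with(shown, slots))
    print("read as fixed QWERTY  :", decode_with(QWERTY, slots))
    print("email field layout    :", "".join(layout_for(TYPE_CLASS_TEXT | 0x20)))
```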

Two versions are available on Google Play:
1. PEK English: supports English language input
2. PEK Chinese: supports both Chinese and English language input

Publications:

  1. Qinggang Yue, Zhen Ling, Xinwen Fu, Benyuan Liu, Kui Ren, Wei Zhao, "Blind Recognition of Touched Keys on Mobile Devices", in Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS'14), Scottsdale, Arizona, USA, November 3-7, 2014, pp. 1403-1414.

Video demo

PEK - Randomized Keys

PEK - Brownian Motion