MAGLeak: A Learning-Based Side-Channel Attack for Password Recognition With Multiple Sensors in IIoT Environment

As an emerging technology, industrial Internet of Things (IIoT) connects massive sensors and actuators to empower industrial sectors being smart, autonomous, efficient, and safety. However, due the large number of build-in sensors of IIoT smart devices, the IIoT systems are vulnerable to side-channel attack. In this article, a novel side-channel-based passwords cracking system, namely MAGLeak, is proposed to recognize the victim's passwords by leveraging accelerometer, gyroscope, and magnetometer of IIoT touch-screen smart device. Specifically, an event-driven data collection method is proposed to ensure that the user's keystroke behavior can be reflected accurately by the obtained measurements of three sensors. Moreover, random forest algorithm is leveraged for the recognition module, followed by a data preprocessing process. Extensive experimental results demonstrate that MAGLeak achieves a high recognition accuracy under small training dataset, e.g., achieving recognition accuracy 98% of each single key for 2000 training samples.