PM IAS EDITORIAL ANALYSIS AUG 21

Editorial 1: How AI is used to increase the frequency of Acoustic Side Channel Attacks

Context

  • Artificial Intelligence (AI) can be used to decode passwords by analysing the sound produced by keystrokes. The study highlighted the accuracy of Acoustic Side Channel Attacks (ASCA) when state-of-the-art deep learning models were used to classify laptop keystrokes and their mitigation.

Defining ASCA

  • To understand Acoustic Side Channel Attacks, one should know Side Channel Attacks (SCAs).
  • SCAs are a method of hacking a cryptographic algorithm based on the analysis of auxiliary systems used in the encryption method.
  • These can be performed using a collection of signals emitted by devices, including electromagnetic waves, power consumption, mobile sensors as well as sound from keyboards and printers to target devices.
  • Once collected, these signals are used to interpret signals that can be then used to compromise the security of a device.
  • In an ASCA, the sound of clicks generated by a keyboard is used to analyse keystrokes and interpret what is being typed to leak sensitive information.
  • These attacks are particularly dangerous as the acoustic sounds from a keyboard are not only readily available but also because their misuse is underestimated by users.
  • While most users hide their screens when typing sensitive information, no precautionary steps are taken to hide the sound of the keystrokes.
  • And though over time, the sound of keyboard clicks has become less profound with devices making use of non-mechanical keyboards, the technology with which the acoustics can be accessed and processed has also improved drastically.
  • Additionally, the use of laptops has increased the scope of ASCAs as laptop models have the same keyboard making it easier for AI-enabled deep learning models to pick up and interpret the acoustics.

The accuracy

  • The study found that when trained on keystrokes by a nearby phone, the classifier achieved an accuracy of 95%, the highest accuracy seen without the use of a language model.
  • When a deep learning model was trained on the data with default values, the model was able to acquire a meaningful interpretation of the data.
  • Additionally, when the AI model was made to recognise keystrokes using audio captured through a smartphone microphone, it was able to achieve 95% accuracy.

ASCA attacks

  • ASCA attacks are not new and have been around since 1950 when acoustic emanations of encryption devices were used to crack their security.
  • Over the past decades, researchers have published papers talking about the threats from ASCA attacks with the advent of modern technology that brought more microphones in close proximity to keyboards, making it easier to collect and interpret acoustic data.
  • However, with the increasing use of AI and the accuracy with which deep learning models can recognise and analyse keystrokes, the threat from ASCA has resurfaced.

Protection against ASCA

  • While there is no explicit means of defence against ASCAs, simple changes to typing could reduce the chances of attacks.
  • Using touch-based typing can also reduce the chances of successful keystroke recognition from 64% to 40%, making it more difficult for threat actors to leak sensitive information.
  • Additionally, changes in typing style and creating stronger passwords that use a combination of upper- and lower-case alphabets can make it more difficult for criminals to launch successful ASCA attacks.

Way forward

  • Users should also avoid the use of easily recognisable phrases which can make it easier for AI models to predict the text.

Editorial 2: What is RBI’s new pilot for frictionless credit?

Context

  • On August 17, the RBI commenced a pilot programme endeavouring to evaluate the feasibility and functionality of the ‘Public Tech Platform for Frictionless Credit’. The suggested platform would strive to “enable delivery of frictionless credit by facilitating seamless flow of required digital information to lenders.”

The Platform

  • Digital delivery of credit (delivering credit/loans though digital means) or any loan is preceded by a process of scrutiny known as credit appraisal.
  • The process attempts to evaluate and accordingly predict the prospective borrowers’ ability for repayment of credit/loan and adhering to the credit agreement.
  • This pre-disbursal process is particularly important for banks since it would in turn determine their interest income and impact on the balance sheet.
  • The central banking regulator has observed that the data required for the process rests with different entities like central and state governments, account aggregators, banks, credit information companies, and digital identity authorities.
  • This new platform would bring all of it together in a single place. To facilitate “frictionless” and “timely delivery” of loans, the central banking regulator had instituted a pilot project for the digitalisation of Kisan Credit Card (KCC) loans.
  •  It tested “end-to-end digitalisation of the lending process in a paperless and hassle-free manner”.
  • The pilot is currently ongoing in select districts of Madhya Pradesh, Tamil Nadu, Karnataka, Uttar Pradesh and Maharashtra.
  • It provides for “doorstep disbursement of loans in assisted or self-service mode without any paperwork.”

About new pilot

  • The platform is premised around the learnings from all the ongoing programmes, and further expands the scope to all types of digital loans.
  • The public platform will be developed by its wholly owned subsidiary, the Reserve Bank Innovation Hub (RBIH).
  • The proposed end-to-end platform will have an open architecture, open Application Programming Interfaces (API) and standards, to which all financial sector players would be able to connect seamlessly in a ‘plug and play’ model.
  • With the participation from certain banks, the platform would extend its focus also towards dairy loans, MSME loans (without collateral), personal loans and home loans.
  • It is expected to link with services like Aadhar e-KYC, Aadhar e-signing, land records from onboarded State governments, satellite data, PAN validation, transliteration, account aggregation by account aggregators (AAs), milk pouring data from select dairy co-operatives, and house/property search data.
  • Thus, it would cover all aspects of farming operations alongside those necessary for ascertaining financial profiles.
  • Based on the learnings from this project, the scope and coverage would be further expanded to include more information providers and lenders.

Serving the purpose

  • Experts, including the World Bank, point out that improved access to information provides the basis for fact-based and quick credit assessments.
  • It ensures that credit is extended to a larger set of borrowers with good credit history.
  • The borrowers too would benefit by the resulting lower cost of accessing capital, which would translate into productive investment spending.
  •  Availing formal credit may entail multiple visits to the bank alongside cumbersome documentation.
  • This translates to higher operational costs for lenders which may also get distributed to borrowers.

Conclusion

  • As per media reports, an RBI survey indicated that processing of farm loans used to take two to four weeks and cost about 6% of the loan’s total value. All in all, the lending platform would bring about “reduction of costs, quicker disbursement and scalability,” RBI noted.

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *