Attacking Random Keypads through Click Timing Analysis

Author

Fleming, Charles ; Ning Cui ; Dawei Liu ; Haining Liang

Author_Institution

Dept. of Comput. Sci. & Software Eng., Xi´an Jiaotong-Liverpool Univ., Suzhou, China

fYear

2014

fDate

13-15 Oct. 2014

Firstpage

118

Lastpage

121

Abstract

This paper introduces a new method for attacking Personal Identification Numbers (PINs) through analysis of time delay between clicks. While click timing attacks are not new, they previously relied on known spacings between keys. In our method, we do not focus on flaws or weaknesses in the system itself, but on the flaws inherent in the human aspect of the system. Our attack exploits unconscious patterns in PIN input that are a side-effect of the human memorization process to narrow the PIN down to a specific class, such as date, greatly reducing the possible set of pass codes. To identify these patterns, we use a series of Support Vector Machines (SVM) as a multi-class classifier. Through analysis of our collected data set we demonstrate that this attack is very effective.

Keywords

pattern classification; security of data; support vector machines; PIN; SVM; attacking random keypads; click timing analysis; click timing attacks; human memorization process; multiclass classifier; pass codes; personal identification numbers; support vector machines; time delay analysis; Cameras; Computers; Pins; Software; Support vector machines; Timing; Training; PIN; Personal Identification Numbers; security; timing attack;

fLanguage

English

Publisher

ieee

Conference_Titel

Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), 2014 International Conference on

Conference_Location

Shanghai

Print_ISBN

978-1-4799-6235-8

Type

conf

DOI

10.1109/CyberC.2014.28

Filename

6984291