Behavioral acoustic emanations: Attack and verification of pin entry using keypress sounds

Sourav Panda, Yuanzhen Liu, Gerhard Petrus Hancke, Umair Mujtaba Qureshi

Research output: Contribution to journalArticlepeer-review

5 Citations (Scopus)

Abstract

This paper explores the security vulnerability of Personal Identification Number (PIN) or numeric passwords. Entry Device (PEDs) that use small strings of data (PINs, keys or passwords) as means of verifying the legitimacy of a user. Today, PEDs are commonly used by personnel in different industrial and consumer electronic applications, such as entry at security checkpoints, ATMs and customer kiosks, etc. In this paper, we propose a side-channel attack on a 4–6 digit random PIN key, and a PIN key user verification method. The intervals between two keystrokes are extracted from the acoustic emanation and used as features to train machine-learning models. The attack model has a 60% chance to recover the PIN key. The verification model has an 88% accuracy on identifying the user. Our attack methods can perform key recovery by using the acoustic side-channel at low cost. As a countermeasure, our verification method can improve the security of PIN entry devices.

Original languageEnglish
Article number3015
JournalSensors (Switzerland)
Volume20
Issue number11
DOIs
Publication statusPublished - 1 Jun 2020

Keywords

  • Biometric verification
  • Personal identification number
  • PIN entry device
  • Side-channel attack

Fingerprint

Dive into the research topics of 'Behavioral acoustic emanations: Attack and verification of pin entry using keypress sounds'. Together they form a unique fingerprint.

Cite this