TY - JOUR
T1 - Behavioral acoustic emanations
T2 - Attack and verification of pin entry using keypress sounds
AU - Panda, Sourav
AU - Liu, Yuanzhen
AU - Hancke, Gerhard Petrus
AU - Qureshi, Umair Mujtaba
N1 - Funding Information:
Funding: This work was supported by City University of Hong Kong Projects CityU 11200017 (7004892) and CityU 11202618 (7005053).
Publisher Copyright:
© 2019 by the authors. Licensee MDPI, Basel, Switzerland.
PY - 2020/6/1
Y1 - 2020/6/1
N2 - This paper explores the security vulnerability of Personal Identification Number (PIN) or numeric passwords. Entry Device (PEDs) that use small strings of data (PINs, keys or passwords) as means of verifying the legitimacy of a user. Today, PEDs are commonly used by personnel in different industrial and consumer electronic applications, such as entry at security checkpoints, ATMs and customer kiosks, etc. In this paper, we propose a side-channel attack on a 4–6 digit random PIN key, and a PIN key user verification method. The intervals between two keystrokes are extracted from the acoustic emanation and used as features to train machine-learning models. The attack model has a 60% chance to recover the PIN key. The verification model has an 88% accuracy on identifying the user. Our attack methods can perform key recovery by using the acoustic side-channel at low cost. As a countermeasure, our verification method can improve the security of PIN entry devices.
AB - This paper explores the security vulnerability of Personal Identification Number (PIN) or numeric passwords. Entry Device (PEDs) that use small strings of data (PINs, keys or passwords) as means of verifying the legitimacy of a user. Today, PEDs are commonly used by personnel in different industrial and consumer electronic applications, such as entry at security checkpoints, ATMs and customer kiosks, etc. In this paper, we propose a side-channel attack on a 4–6 digit random PIN key, and a PIN key user verification method. The intervals between two keystrokes are extracted from the acoustic emanation and used as features to train machine-learning models. The attack model has a 60% chance to recover the PIN key. The verification model has an 88% accuracy on identifying the user. Our attack methods can perform key recovery by using the acoustic side-channel at low cost. As a countermeasure, our verification method can improve the security of PIN entry devices.
KW - Biometric verification
KW - Personal identification number
KW - PIN entry device
KW - Side-channel attack
UR - http://www.scopus.com/inward/record.url?scp=85085607768&partnerID=8YFLogxK
U2 - 10.3390/s20113015
DO - 10.3390/s20113015
M3 - Article
C2 - 32466431
AN - SCOPUS:85085607768
VL - 20
JO - Sensors (Switzerland)
JF - Sensors (Switzerland)
SN - 1424-8220
IS - 11
M1 - 3015
ER -