| Autor: |
Panda S; Department of Computer Science and Engineering, University of California, Riverside, CA 92521, USA., Liu Y; Department of Computer Science, City University of Hong Kong, Hong Kong SAR, China., Hancke GP; Department of Computer Science, City University of Hong Kong, Hong Kong SAR, China., Qureshi UM; Department of Computer Science, City University of Hong Kong, Hong Kong SAR, China.; Department of Telecommunication Engineering, Mehran University of Engineering and Technology, Jamshoro 76062, Sindh, Pakistan. |
| Abstrakt: |
This paper explores the security vulnerability of Personal Identification Number (PIN) or numeric passwords. Entry Device (PEDs) that use small strings of data (PINs, keys or passwords) as means of verifying the legitimacy of a user. Today, PEDs are commonly used by personnel in different industrial and consumer electronic applications, such as entry at security checkpoints, ATMs and customer kiosks, etc. In this paper, we propose a side-channel attack on a 4-6 digit random PIN key, and a PIN key user verification method. The intervals between two keystrokes are extracted from the acoustic emanation and used as features to train machine-learning models. The attack model has a 60% chance to recover the PIN key. The verification model has an 88% accuracy on identifying the user. Our attack methods can perform key recovery by using the acoustic side-channel at low cost. As a countermeasure, our verification method can improve the security of PIN entry devices. |
