Attacking random keypads through click timing analysis

Charles Fleming; Ning Cui; Dawei Liu; Haining Liang

doi:10.1109/CyberC.2014.28

Attacking random keypads through click timing analysis

Charles Fleming^*, Ning Cui, Dawei Liu, Haining Liang

^*Corresponding author for this work

Xi'an Jiaotong-Liverpool University

Research output: Chapter in Book or Report/Conference proceeding › Conference Proceeding › peer-review

3 Citations (Scopus)

Abstract

This paper introduces a new method for attacking Personal Identification Numbers (PINs) through analysis of time delay between clicks. While click timing attacks are not new, they previously relied on known spacings between keys. In our method, we do not focus on flaws or weaknesses in the system itself, but on the flaws inherent in the human aspect of the system. Our attack exploits unconscious patterns in PIN input that are a side-effect of the human memorization process to narrow the PIN down to a specific class, such as date, greatly reducing the possible set of pass codes. To identify these patterns, we use a series of Support Vector Machines (SVM) as a multi-class classifier. Through analysis of our collected data set we demonstrate that this attack is very effective.

Original language	English
Title of host publication	Proceedings - 2014 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, CyberC 2014
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	118-121
Number of pages	4
ISBN (Electronic)	9781479962358
DOIs	https://doi.org/10.1109/CyberC.2014.28
Publication status	Published - 12 Dec 2014
Event	6th International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, CyberC 2014 - Shanghai, China Duration: 10 Oct 2014 → 12 Oct 2014

Publication series

Name	Proceedings - 2014 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, CyberC 2014

Conference

Conference	6th International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, CyberC 2014
Country/Territory	China
City	Shanghai
Period	10/10/14 → 12/10/14

Keywords

PIN
Personal Identification Numbers
security
timing attack

Access to Document

10.1109/CyberC.2014.28

Cite this

Fleming, C., Cui, N., Liu, D., & Liang, H. (2014). Attacking random keypads through click timing analysis. In Proceedings - 2014 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, CyberC 2014 (pp. 118-121). Article 6984291 (Proceedings - 2014 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, CyberC 2014). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/CyberC.2014.28

Fleming, Charles ; Cui, Ning ; Liu, Dawei et al. / Attacking random keypads through click timing analysis. Proceedings - 2014 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, CyberC 2014. Institute of Electrical and Electronics Engineers Inc., 2014. pp. 118-121 (Proceedings - 2014 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, CyberC 2014).

@inproceedings{4157f3d5addd44629a7344c775168cc9,

title = "Attacking random keypads through click timing analysis",

abstract = "This paper introduces a new method for attacking Personal Identification Numbers (PINs) through analysis of time delay between clicks. While click timing attacks are not new, they previously relied on known spacings between keys. In our method, we do not focus on flaws or weaknesses in the system itself, but on the flaws inherent in the human aspect of the system. Our attack exploits unconscious patterns in PIN input that are a side-effect of the human memorization process to narrow the PIN down to a specific class, such as date, greatly reducing the possible set of pass codes. To identify these patterns, we use a series of Support Vector Machines (SVM) as a multi-class classifier. Through analysis of our collected data set we demonstrate that this attack is very effective.",

keywords = "PIN, Personal Identification Numbers, security, timing attack",

author = "Charles Fleming and Ning Cui and Dawei Liu and Haining Liang",

note = "Publisher Copyright: {\textcopyright} 2014 IEEE.; 6th International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, CyberC 2014 ; Conference date: 10-10-2014 Through 12-10-2014",

year = "2014",

month = dec,

day = "12",

doi = "10.1109/CyberC.2014.28",

language = "English",

series = "Proceedings - 2014 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, CyberC 2014",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "118--121",

booktitle = "Proceedings - 2014 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, CyberC 2014",

}

Fleming, C, Cui, N, Liu, D & Liang, H 2014, Attacking random keypads through click timing analysis. in Proceedings - 2014 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, CyberC 2014., 6984291, Proceedings - 2014 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, CyberC 2014, Institute of Electrical and Electronics Engineers Inc., pp. 118-121, 6th International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, CyberC 2014, Shanghai, China, 10/10/14. https://doi.org/10.1109/CyberC.2014.28

Attacking random keypads through click timing analysis. / Fleming, Charles; Cui, Ning; Liu, Dawei et al.
Proceedings - 2014 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, CyberC 2014. Institute of Electrical and Electronics Engineers Inc., 2014. p. 118-121 6984291 (Proceedings - 2014 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, CyberC 2014).

Research output: Chapter in Book or Report/Conference proceeding › Conference Proceeding › peer-review

TY - GEN

T1 - Attacking random keypads through click timing analysis

AU - Fleming, Charles

AU - Cui, Ning

AU - Liu, Dawei

AU - Liang, Haining

PY - 2014/12/12

Y1 - 2014/12/12

N2 - This paper introduces a new method for attacking Personal Identification Numbers (PINs) through analysis of time delay between clicks. While click timing attacks are not new, they previously relied on known spacings between keys. In our method, we do not focus on flaws or weaknesses in the system itself, but on the flaws inherent in the human aspect of the system. Our attack exploits unconscious patterns in PIN input that are a side-effect of the human memorization process to narrow the PIN down to a specific class, such as date, greatly reducing the possible set of pass codes. To identify these patterns, we use a series of Support Vector Machines (SVM) as a multi-class classifier. Through analysis of our collected data set we demonstrate that this attack is very effective.

AB - This paper introduces a new method for attacking Personal Identification Numbers (PINs) through analysis of time delay between clicks. While click timing attacks are not new, they previously relied on known spacings between keys. In our method, we do not focus on flaws or weaknesses in the system itself, but on the flaws inherent in the human aspect of the system. Our attack exploits unconscious patterns in PIN input that are a side-effect of the human memorization process to narrow the PIN down to a specific class, such as date, greatly reducing the possible set of pass codes. To identify these patterns, we use a series of Support Vector Machines (SVM) as a multi-class classifier. Through analysis of our collected data set we demonstrate that this attack is very effective.

KW - PIN

KW - Personal Identification Numbers

KW - security

KW - timing attack

UR - http://www.scopus.com/inward/record.url?scp=84921022429&partnerID=8YFLogxK

U2 - 10.1109/CyberC.2014.28

DO - 10.1109/CyberC.2014.28

M3 - Conference Proceeding

AN - SCOPUS:84921022429

T3 - Proceedings - 2014 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, CyberC 2014

SP - 118

EP - 121

BT - Proceedings - 2014 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, CyberC 2014

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 6th International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, CyberC 2014

Y2 - 10 October 2014 through 12 October 2014

ER -

Fleming C, Cui N, Liu D, Liang H. Attacking random keypads through click timing analysis. In Proceedings - 2014 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, CyberC 2014. Institute of Electrical and Electronics Engineers Inc. 2014. p. 118-121. 6984291. (Proceedings - 2014 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, CyberC 2014). doi: 10.1109/CyberC.2014.28

Attacking random keypads through click timing analysis

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Cite this