When Human cognitive modeling meets PINs: User-independent inter-keystroke timing attacks

This paper proposes the first user-independent inter-keystroke timing attacks on PINs. Our attack method is based on an inter-keystroke timing dictionary built from a human cognitive model whose parameters can be determined by a small amount of training data on any users (not necessarily the target...

全面介紹

Saved in:
書目詳細資料
Main Authors: LIU, Ximing, LI, Yingjiu, DENG, Robert H., CHANG, Bing, LI, Shujun
格式: text
語言:English
出版: Institutional Knowledge at Singapore Management University 2019
主題:
PIN
在線閱讀:https://ink.library.smu.edu.sg/sis_research/4153
https://ink.library.smu.edu.sg/context/sis_research/article/5157/viewcontent/Human_Cognitive_Model_PINS_2019_01.pdf
標簽: 添加標簽
沒有標簽, 成為第一個標記此記錄!
實物特徵
總結:This paper proposes the first user-independent inter-keystroke timing attacks on PINs. Our attack method is based on an inter-keystroke timing dictionary built from a human cognitive model whose parameters can be determined by a small amount of training data on any users (not necessarily the target victims). Our attacks can thus be potentially launched on a large scale in real-world settings. We investigate inter-keystroke timing attacks in different online attack settings and evaluate their performance on PINs at different strength levels. Our experimental results show that the proposed attack performs significantly better than random guessing attacks. We further demonstrate that our attacks pose a serious threat to real-world applications and propose various ways to mitigate the threat.