When Human cognitive modeling meets PINs: User-independent inter-keystroke timing attacks

When Human cognitive modeling meets PINs: User-independent inter-keystroke timing attacks

This paper proposes the first user-independent inter-keystroke timing attacks on PINs. Our attack method is based on an inter-keystroke timing dictionary built from a human cognitive model whose parameters can be determined by a small amount of training data on any users (not necessarily the target...

Full description

Saved in:
Bibliographic Details
Main Authors: LIU, Ximing, LI, Yingjiu, DENG, Robert H., CHANG, Bing, LI, Shujun
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2019
Subjects:
Authentication
Human behavior
Human cognitive model
Keystroke dynamics
PIN
Timing attack
Information Security
Online Access:https://ink.library.smu.edu.sg/sis_research/4153
https://ink.library.smu.edu.sg/context/sis_research/article/5157/viewcontent/Human_Cognitive_Model_PINS_2019_01.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
id sg-smu-ink.sis_research-5157
record_format dspace
spelling sg-smu-ink.sis_research-51572020-04-08T07:53:29Z When Human cognitive modeling meets PINs: User-independent inter-keystroke timing attacks LIU, Ximing LI, Yingjiu DENG, Robert H. CHANG, Bing LI, Shujun This paper proposes the first user-independent inter-keystroke timing attacks on PINs. Our attack method is based on an inter-keystroke timing dictionary built from a human cognitive model whose parameters can be determined by a small amount of training data on any users (not necessarily the target victims). Our attacks can thus be potentially launched on a large scale in real-world settings. We investigate inter-keystroke timing attacks in different online attack settings and evaluate their performance on PINs at different strength levels. Our experimental results show that the proposed attack performs significantly better than random guessing attacks. We further demonstrate that our attacks pose a serious threat to real-world applications and propose various ways to mitigate the threat. 2019-01-01T08:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/4153 info:doi/10.1016/j.cose.2018.09.003 https://ink.library.smu.edu.sg/context/sis_research/article/5157/viewcontent/Human_Cognitive_Model_PINS_2019_01.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Authentication Human behavior Human cognitive model Keystroke dynamics PIN Timing attack Information Security
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic Authentication
Human behavior
Human cognitive model
Keystroke dynamics
PIN
Timing attack
Information Security
spellingShingle Authentication
Human behavior
Human cognitive model
Keystroke dynamics
PIN
Timing attack
Information Security
LIU, Ximing
LI, Yingjiu
DENG, Robert H.
CHANG, Bing
LI, Shujun
When Human cognitive modeling meets PINs: User-independent inter-keystroke timing attacks
description This paper proposes the first user-independent inter-keystroke timing attacks on PINs. Our attack method is based on an inter-keystroke timing dictionary built from a human cognitive model whose parameters can be determined by a small amount of training data on any users (not necessarily the target victims). Our attacks can thus be potentially launched on a large scale in real-world settings. We investigate inter-keystroke timing attacks in different online attack settings and evaluate their performance on PINs at different strength levels. Our experimental results show that the proposed attack performs significantly better than random guessing attacks. We further demonstrate that our attacks pose a serious threat to real-world applications and propose various ways to mitigate the threat.
format text
author LIU, Ximing
LI, Yingjiu
DENG, Robert H.
CHANG, Bing
LI, Shujun
author_facet LIU, Ximing
LI, Yingjiu
DENG, Robert H.
CHANG, Bing
LI, Shujun
author_sort LIU, Ximing
title When Human cognitive modeling meets PINs: User-independent inter-keystroke timing attacks
title_short When Human cognitive modeling meets PINs: User-independent inter-keystroke timing attacks
title_full When Human cognitive modeling meets PINs: User-independent inter-keystroke timing attacks
title_fullStr When Human cognitive modeling meets PINs: User-independent inter-keystroke timing attacks
title_full_unstemmed When Human cognitive modeling meets PINs: User-independent inter-keystroke timing attacks
title_sort when human cognitive modeling meets pins: user-independent inter-keystroke timing attacks
publisher Institutional Knowledge at Singapore Management University
publishDate 2019
url https://ink.library.smu.edu.sg/sis_research/4153
https://ink.library.smu.edu.sg/context/sis_research/article/5157/viewcontent/Human_Cognitive_Model_PINS_2019_01.pdf
_version_ 1770574385573265408

Similar Items