论文信息 - Guessing Bank PINs by Winning a Mastermind Game

Guessing Bank PINs by Winning a Mastermind Game

In this paper we formally prove that the problem of cracking, i.e., correctly guessing, bank PINs used for accessing Automated Teller Machines and the problem of solving the Generalized Mastermind Game are strictly related. The Generalized Mastermind Game with N colors and k pegs is an extension of the well known Mastermind game, played with 6 colors and 4 pegs. The rules are the same, one player has to conceal a sequence of k colored pegs behind a screen and another player has to guess the exact position and colors of the pegs using the minimal number of moves. We first introduce a general game, called the Extended Mastermind Game (EMG), and we then formally prove it includes both the Generalized Mastermind Game and the PIN cracking Problem. We then present some experimental results that we have devised using a computer program that optimizes a well known technique presented by Knuth in 1976 for the standard Mastermind game. We finally show that the program improves the as state-of-the-art Mastermind solvers as it is able to compute strategies for cases which were not yet covered. More interestingly, the same solving strategy is adapted also for the solution of the PIN cracking problem.

Flaminia L. Luccio | Riccardo Focardi

[1] Omer Berkman,et al. The Unbearable Lightness of PIN Cracking , 2007, Financial Cryptography.

[2] Zhixiang Chen,et al. Finding a Hidden Code by Asking Questions , 1996, COCOON.

[3] Flaminia L. Luccio,et al. Cracking Bank PINs by Playing Mastermind , 2010, FUN.

[4] Tom Kalisker,et al. Solving Mastermind Using Genetic Algorithms , 2003, GECCO.

[5] Graham Steel. Formal analysis of PIN block attacks , 2006, Theor. Comput. Sci..

[6] Vasek Chvátal,et al. Mastermind , 1983, Comb..

[7] Piotr Zielinski,et al. Decimalisation table attacks for PIN cracking , 2003 .

[8] Mike Bond,et al. Extending Security Protocol Analysis: New Challenges , 2005, Electron. Notes Theor. Comput. Sci..

[9] Graham Steel,et al. Blunting Differential Attacks on PIN Processing APIs , 2009, NordSec.

[10] Wayne Goddard,et al. Mastermind Revisited , 2004 .

[11] D. Knuth. The Computer as Master Mind , 1977 .

[12] K. Koyama,et al. An Optimal Mastermind Strategy , 1993 .

[13] Agostinho C. Rosa,et al. Mastermind by evolutionary algorithms , 1999, SAC '99.

[14] Dries R. Goossens,et al. Efficient solutions for Mastermind using genetic algorithms , 2009, Comput. Oper. Res..

[15] Guo-Qiang Zhang,et al. Mastermind is NP-Complete , 2005, ArXiv.

[16] Graham Steel,et al. Type-Based Analysis of PIN Processing APIs , 2009, ESORICS.

[17] Gerold Jäger,et al. The number of pessimistic guesses in Generalized Mastermind , 2009, Inf. Process. Lett..