Keypads are commonly used to enter personal identification numbers (PIN) which are intended to authenticate a user based on what they know. A number of those keypads such as ATM inputs and door keypads provide an audio feedback to the user for each button pressed. Such audio feedback are observable from a modest distance. We are looking at quantifying the information leaking from delays between acoustic feedback pulses. Preliminary experiments suggest that by using a Hidden Markov Model, it might be possible to substantially narrow the search space. A subsequent brute force search on the reduced search space could be possible with- out triggering alerts, lockouts or other mechanisms design to thwart plain brute force attempts.
[1]
Feng Zhou,et al.
Keyboard acoustic emanations revisited
,
2005,
CCS '05.
[2]
Peter Norvig,et al.
Artificial Intelligence: A Modern Approach
,
1995
.
[3]
2004 IEEE Symposium on Security and Privacy (S&P 2004), 9-12 May 2004, Berkeley, CA, USA
,
2004,
IEEE Symposium on Security and Privacy.
[4]
Rakesh Agrawal,et al.
Keyboard acoustic emanations
,
2004,
IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.
[5]
Dawn Xiaodong Song,et al.
Timing Analysis of Keystrokes and Timing Attacks on SSH
,
2001,
USENIX Security Symposium.
[6]
Jarmo Ilonen.
Keystroke Dynamics
,
2009,
Encyclopedia of Biometrics.