Publication Type
Journal Article
Version
acceptedVersion
Publication Date
1-2019
Abstract
This paper proposes the first user-independent inter-keystroke timing attacks on PINs. Our attack method is based on an inter-keystroke timing dictionary built from a human cognitive model whose parameters can be determined by a small amount of training data on any users (not necessarily the target victims). Our attacks can thus be potentially launched on a large scale in real-world settings. We investigate inter-keystroke timing attacks in different online attack settings and evaluate their performance on PINs at different strength levels. Our experimental results show that the proposed attack performs significantly better than random guessing attacks. We further demonstrate that our attacks pose a serious threat to real-world applications and propose various ways to mitigate the threat.
Keywords
Authentication, Human behavior, Human cognitive model, Keystroke dynamics, PIN, Timing attack
Discipline
Information Security
Research Areas
Cybersecurity
Publication
Computers and Security
Volume
80
First Page
90
Last Page
107
ISSN
0167-4048
Identifier
10.1016/j.cose.2018.09.003
Publisher
Elsevier
Citation
LIU, Ximing; LI, Yingjiu; DENG, Robert H.; CHANG, Bing; and LI, Shujun.
When Human cognitive modeling meets PINs: User-independent inter-keystroke timing attacks. (2019). Computers and Security. 80, 90-107.
Available at: https://ink.library.smu.edu.sg/sis_research/4153
Copyright Owner and License
Authors
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1016/j.cose.2018.09.003