Publication Type
Conference Proceeding Article
Version
publishedVersion
Publication Date
6-2021
Abstract
While PIN-based user authentication systems such as ATM have long been considered to be secure enough, they are facing new attacks, named UltraPIN, which can be launched from commodity smartphones. As a target user enters a PIN on a PIN-based user authentication system, an attacker may use UltraPIN to infer the PIN from a short distance (50 cm to 100 cm). In this process, UltraPIN leverages smartphone speakers to issue human-inaudible ultrasound signals and uses smartphone microphones to keep recording acoustic signals. It applies a series of signal processing techniques to extract high-quality feature vectors from low-energy and high-noise signals and then applies a combination of machine learning models to classify finger movement patterns during PIN entry and generate a ranked list of highly possible PINs as result. Rigorous experiments show that UltraPIN is highly effective and robust in PIN inference
Keywords
acoustic attack, authentication, doppler effect, PIN
Discipline
Computer and Systems Architecture | Information Security
Research Areas
Cybersecurity
Publication
Proceedings of the ACM Asia Conference on Computer and Communications Security (ACM ASIACCS 2021)
First Page
944
Last Page
957
ISBN
9781450382878
Identifier
10.1145/3433210.3453075
City or Country
Online
Citation
LIU; Ximing; DENG, Robert H.; and DENG, Robert H..
UltraPIN: Inferring PIN entries via ultrasound. (2021). Proceedings of the ACM Asia Conference on Computer and Communications Security (ACM ASIACCS 2021). 944-957.
Available at: https://ink.library.smu.edu.sg/sis_research/6453
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.