Attacking Random Keypads through Click Timing Analysis

Abstract: This paper introduces a new method for attacking Personal Identification Numbers(PINs) through analysis of time delay between clicks. While click timing attacks are not new, they previously relied on known spacings between keys. In our method, we do not focus on flaws or weaknesses in the system itself, but on the flaws inherent in the human aspect of the system. Our attack exploits unconscious patterns in PIN input that are a side-effect of the human memorization process to narrow the PIN down to a specific c… Show more

“…Almuairfi et al have pointed out that text-based password and PIN as two conventional alphanumeric methods that are too weak and prompt to speculation and dictionary attacks-that is, attackers can guess using some known patterns and higher-probability passwords [2][3] [27]. Similarly, Chiang and Chiasson also indicated that text-based passwords and PIN can suffer from brute force guessing attacks by which attackers try guess all possible password combinations especially when the length of the passwords is small [3].…”

User Authentication Interfaces in Mobile Devices: Some Design Considerations

“…Almuairfi et al have pointed out that text-based password and PIN as two conventional alphanumeric methods that are too weak and prompt to speculation and dictionary attacks-that is, attackers can guess using some known patterns and higher-probability passwords [2][3] [27]. Similarly, Chiang and Chiasson also indicated that text-based passwords and PIN can suffer from brute force guessing attacks by which attackers try guess all possible password combinations especially when the length of the passwords is small [3].…”

User Authentication Interfaces in Mobile Devices: Some Design Considerations

Side-Channel Attacks on Cryptographic Devices and Their Countermeasures—A Review