Liu, Ximing, Li, Yingjiu, Deng, Robert H., Chang, Bing, Li, Shujun (2019) When Human cognitive modeling meets PINs: User-independent inter-keystroke timing attacks. Computers and Security, 80. pp. 90-107. ISSN 0167-4048. (doi:10.1016/j.cose.2018.09.003) (KAR id:69553)
PDF
Author's Accepted Manuscript
Language: English
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Official URL: https://doi.org/10.1016/j.cose.2018.09.003
Abstract
This paper proposes the first user-independent inter-keystroke timing attacks on PINs. Our attack method is based on an inter-keystroke timing dictionary built from a human cognitive model whose parameters can be determined by a small amount of training data on any users (not necessarily the target victims). Our attacks can thus be potentially launched on a large scale in real-world settings. We investigate inter-keystroke timing attacks in different online attack settings and evaluate their performance on PINs at different strength levels. Our experimental results show that the proposed attack performs significantly better than random guessing attacks. We further demonstrate that our attacks pose a serious threat to real-world applications and propose various ways to mitigate the threat.
| Item Type: | Article |
|---|---|
| DOI/Identification number: | 10.1016/j.cose.2018.09.003 |
| Uncontrolled keywords: | PIN, Authentication, Human cognitive model, Timing attack, Human behavior, Keystroke dynamics |
| Subjects: | Q Science > QA Mathematics (inc Computing science) > QA 75 Electronic computers. Computer science; Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming, > QA76.9.H85 Human computer interaction; T Technology > TK Electrical engineering. Electronics. Nuclear engineering > TK7800 Electronics > TK7880 Applications of electronics > TK7885 Computer engineering. Computer hardware |
| Institutional Unit: | Schools > School of Computing; Institutes > Institute of Cyber Security for Society |
| Former Institutional Unit: | Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing; University-wide institutes > Institute of Cyber Security for Society |
| Funders: | AXA Research Fund (https://ror.org/02zxqxw53) |
| Depositing User: | Shujun Li |
| Date Deposited: | 14 Oct 2018 18:24 UTC |
| Last Modified: | 20 May 2025 10:22 UTC |
| Resource URI: | https://kar.kent.ac.uk/id/eprint/69553 (The current URI for this page, for reference purposes) |