When Human cognitive modeling meets PINs: User-independent inter-keystroke timing attacks

Liu, Ximing and Li, Yingjiu and Deng, Robert H. and Chang, Bing and Li, Shujun (2019) When Human cognitive modeling meets PINs: User-independent inter-keystroke timing attacks. Computers and Security, 80 . pp. 90-107. ISSN 0167-4048. (doi:https://doi.org/10.1016/j.cose.2018.09.003) (Access to this publication is currently restricted. You may be able to access a copy if URLs are provided)

PDF - Author's Accepted Manuscript
Restricted to Repository staff only until 21 September 2019.

Creative Commons Licence
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Contact us about this Publication Download (677kB)
Official URL


This paper proposes the first user-independent inter-keystroke timing attacks on PINs. Our attack method is based on an inter-keystroke timing dictionary built from a human cognitive model whose parameters can be determined by a small amount of training data on any users (not necessarily the target victims). Our attacks can thus be potentially launched on a large scale in real-world settings. We investigate inter-keystroke timing attacks in different online attack settings and evaluate their performance on PINs at different strength levels. Our experimental results show that the proposed attack performs significantly better than random guessing attacks. We further demonstrate that our attacks pose a serious threat to real-world applications and propose various ways to mitigate the threat.

Item Type: Article
Uncontrolled keywords: PIN, Authentication, Human cognitive model, Timing attack, Human behavior, Keystroke dynamics
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 75 Electronic computers. Computer science
Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming, > QA76.9.H85 Human computer interaction
T Technology > TK Electrical engineering. Electronics Nuclear engineering > TK7800 Electronics (see also: telecommunications) > TK7880 Applications of electronics (inc industrial & domestic) > TK7885 Computer engineering
Divisions: Faculties > University wide - Teaching/Research Groups > Centre for Cyber Security Research
Faculties > Sciences > School of Computing > Security Group
Depositing User: Shujun Li
Date Deposited: 14 Oct 2018 18:24 UTC
Last Modified: 15 Oct 2018 15:59 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/69553 (The current URI for this page, for reference purposes)
Li, Shujun: https://orcid.org/0000-0001-5628-7328
  • Depositors only (login required):


Downloads per month over past year