Abstract

This paper explores the security vulnerability of Personal Identification Number (PIN) or numeric password Entry Devices (PEDs), which use small strings of data (PINs, keys or passwords) as a means of verifying the legitimacy of a user. Today, PEDs are commonly used by personnel in different industrial and consumer electronic applications, such as entry at security checkpoints, ATMs and customer kiosks. In this paper, we propose a side-channel attack on a 4–6 digit random PIN key, and a PIN key user verification method. The intervals between two keystrokes are extracted from the acoustic emanation and used as features to train machine-learning models. The attack model has a 60% chance of recovering the PIN key. The verification model has an 88% accuracy in identifying the user. Our attack methods can perform key recovery by using the acoustic side-channel at low cost. As a countermeasure, our verification method can improve the security of PIN entry devices.
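The verification countermeasure in the abstract relies on inter-keystroke intervals as a per-user feature. The sketch below is an added example, not the paper's model: it assumes the intervals have already been measured, uses a simple per-interval z-score template in place of the paper's machine-learning model, and all sample values, the threshold and the standard-deviation floor are constructed for illustration.

```python
from statistics import mean, stdev

MIN_STD_MS = 5.0  # assumed floor so a very consistent typist does not divide by ~0


def enroll(samples):
    """Build a per-user template from enrollment entries.

    Each sample is the list of inter-keystroke intervals (ms) for one PIN
    entry: a 4-digit PIN yields 3 intervals.
    """
    if len(samples) < 2:
        raise ValueError("need at least two enrollment entries")
    width = len(samples[0])
    if any(len(s) != width for s in samples):
        raise ValueError("all entries must have the same number of intervals")
    columns = list(zip(*samples))
    return {
        "mean": [mean(c) for c in columns],
        "std": [max(stdev(c), MIN_STD_MS) for c in columns],
    }


def score(template, intervals):
    """Mean absolute z-score of an attempt against the template (lower = closer)."""
    if len(intervals) != len(template["mean"]):
        raise ValueError("attempt has a different PIN length than the template")
    return mean(
        abs(x - m) / s
        for x, m, s in zip(intervals, template["mean"], template["std"])
    )


def verify(template, intervals, threshold=2.0):
    """Accept the attempt only if its timing is close to the enrolled rhythm."""
    return score(template, intervals) <= threshold


# Constructed sample data (ms between consecutive key presses), not from the paper.
ENROLLMENT = [
    [210, 340, 180],
    [225, 330, 190],
    [200, 355, 175],
    [215, 345, 185],
    [220, 335, 170],
]
SAME_USER = [212, 348, 182]
OTHER_USER = [420, 150, 390]  # correct PIN, different typing rhythm
```

A correct PIN typed with an unfamiliar rhythm is rejected, which is how timing can act as a second factor on a PED; the threshold trades false rejections against false acceptances and would need tuning on real enrollment data.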

Highlights

  • The Internet of Things (IoT) refers to a network of tiny wireless sensors that communicate with each other via the Internet [1]

  • A system that is able to record the sound emissions of keystrokes from the PIN entry device (PED) keypad and extract features which are used to predict the Personal Identification Number (PIN), is shown in Secondly, we look at the feasibility of these acoustic emissions being used in enhancing the security level of PEDs

  • The objective is to analyze the risk of such an attack that can be implemented by shopkeepers on a point of sales terminal (POS) or a self-checkout kiosk


Summary

Introduction

The Internet of Things (IoT) refers to a network of tiny wireless sensors that communicate with each other via the Internet [1]. IoT provides a wide range of consumer applications [2]. IoT devices are resource-constrained devices, which makes them an attractive target for attacks [3]. To access different applications and services, user authentication and verification is the first layer of security. Failing the authentication and verification process leads to denial of service. Authentication and verification processes are commonly used in Automated Teller Machines (ATMs) and Point of
