Results 1 -
8 of
8
Timing attacks on pin input devices
- In Proceedings of the 17th ACM conference on Computer and communications security
, 2010
"... Keypads are commonly used to enter personal identification numbers (PIN) which are intended to authenticate a user based on what they know. A number of those keypads such as ATM inputs and door keypads provide an audio feedback to the user for each button pressed. Such audio feedback are observable ..."
Abstract
-
Cited by 14 (0 self)
- Add to MetaCart
(Show Context)
Keypads are commonly used to enter personal identification numbers (PIN) which are intended to authenticate a user based on what they know. A number of those keypads such as ATM inputs and door keypads provide an audio feedback to the user for each button pressed. Such audio feedback are observable from a modest distance. We are looking at quantifying the information leaking from delays between acoustic feedback pulses. Preliminary experiments suggest that by using a Hidden Markov Model, it might be possible to substantially narrow the search space. A subsequentbrute force search on the reduced search space could be possible without triggering alerts, lockouts or other mechanisms design to thwart plain brute force attempts.
by
, 2010
"... ii In most secure communication standards today, additional latency is kept to a minimum to preserve the Quality-of-Service. As a result, it is possible to mount side-channel attacks using timing analysis. In this thesis we discuss the viability of these attacks, and demonstrate them by inferring Hi ..."
Abstract
- Add to MetaCart
ii In most secure communication standards today, additional latency is kept to a minimum to preserve the Quality-of-Service. As a result, it is possible to mount side-channel attacks using timing analysis. In this thesis we discuss the viability of these attacks, and demonstrate them by inferring Hidden Markov Models of protocols. These Hidden Markov Models can be used to both detect protocol use and infer information about protocol state. We create experiments that use Markov models to generate traffic and show that we can accurately reconstruct models under many circumstances. We analyze what occurs when timing delays have enough jitter that we can not accurately assign packets to bins. Finally, we show that we can accurately identify the language used for cryptographically protected interactive sessions – Italian or English – on-line with as few as 77 symbols. A maximum-likelihood estimator, the forward-backward procedure, and confidence interval analysis are compared. iii
A neural-statistical modeling approach for keystroke . . .
, 2006
"... The main problem of the computer and information systems is the security, which is to protect the system from the attacks of imposter or unauthorized users. In order to supply better security, it must be determined clearly while system access that if the claimed one is authorized user known by the s ..."
Abstract
- Add to MetaCart
The main problem of the computer and information systems is the security, which is to protect the system from the attacks of imposter or unauthorized users. In order to supply better security, it must be determined clearly while system access that if the claimed one is authorized user known by the system or not. Recently, biometric security systems technology is developed and added to the typical authentication systems, which are consist of username and PIN or password query, aiming to get higher security in system access. The keystroke pattern recognition system is chosen as one of the biometric security system and proposed to perform a classification in this thesis. In order to achieve this, a perspective is developed under the knowledge of the classification algorithms used earlier in keystroke pattern recognition systems. According to this, a model is designed which uses hybrid combination of two different algorithms. One of them is the statistical algorithm which is the very firstly used one in pattern recognition and the other one is the neural networks. In the model, the statistical algorithm formulations are embedded into the neural network architecture. Designed algorithm model is described in detail and tested with sample user datasets and performance results are presented. When thinking about need of new approaches in the classification algorithms in keystroke pattern recognition, this study can be a starting point to further enhancements with its perspective on the subject.
Advanced Authentication Scheme Using a Predefined Keystroke Structure
"... ABSTRACT ..."
(Show Context)
DOI: 10.1109/CTS.2009.5067478 Keystroke Dynamics Authentication For Collaborative Systems
"... ..."
(Show Context)
Privacy: Gone with the Typing! Identifying Web Users by Their Typing Patterns
"... Abstract. The lack of privacy protection for Internet users has been identified as a major problem in modern web browsers. Despite potentially highrisk of identification bytypingpatterns, this topic has received little attention in both the research and general community.In this paper we presentasim ..."
Abstract
- Add to MetaCart
(Show Context)
Abstract. The lack of privacy protection for Internet users has been identified as a major problem in modern web browsers. Despite potentially highrisk of identification bytypingpatterns, this topic has received little attention in both the research and general community.In this paper we presentasimple butefficient statistical detection model for constructing users ’ identity from their typing patterns. Extensive experiments are conducted to justify the accuracy of our model. Using this model, online adversaries could uncover the identity of Web users even if they are using anonymizing services. Our goal is to raise awareness of this privacy risk to general Internet users and encourage countermeasures in future implementations of anonymous browsing techniques.
Mixing and Matching Human Traits using Hand Typing
"... In this paper we have discussed few findings with respect to hand typing. The user behavior of simple typing for the lower case letters, and key stroke behavior during combination of lower and upper case letters is observed. During the entire cases user’s keystroke latencies are measured and the use ..."
Abstract
- Add to MetaCart
(Show Context)
In this paper we have discussed few findings with respect to hand typing. The user behavior of simple typing for the lower case letters, and key stroke behavior during combination of lower and upper case letters is observed. During the entire cases user’s keystroke latencies are measured and the use of combination of “shift key ” and “caps lock ” are observed. Here, the targeted (clear) text is in front of the user and key strokes were recorded. The results are illustrated for the traits finding which will be useful for verification of the user. The deliverable outcome of this work is a timer based program and a deployable library for running in background polling towards the keystrokes.
1Keystroke-Dynamics Authentication Against Synthetic Forgeries
"... Abstract—We describe the use of keystroke-dynamics patterns for authentication and detecting infected hosts, and evaluate its robustness against forgery attacks. Specifically, we present a remote authentication framework called TUBA for monitoring a user’s typing patterns. We evaluate the robustness ..."
Abstract
- Add to MetaCart
(Show Context)
Abstract—We describe the use of keystroke-dynamics patterns for authentication and detecting infected hosts, and evaluate its robustness against forgery attacks. Specifically, we present a remote authentication framework called TUBA for monitoring a user’s typing patterns. We evaluate the robustness of TUBA through comprehensive experimen-tal evaluation including two series of simulated bots. Support vector machine is used for classification. Our results based on 20 users’ keystroke data are reported. Our work shows that keystroke dynamics is robust against synthetic forgery attacks studied, where attacker draws statistical samples from a pool of available keystroke datasets other than the target. TUBA is particularly suitable for detecting extrusion in organizations and protecting the integrity of hosts in collaborative environments, as well as authentication. Index Terms—Keystroke dynamics, authentication, malware detection, forgery. 1
