This paper introduces a new method for attacking Personal Identification Numbers(PINs) through analysis of time delay between clicks. While click timing attacks are not new, they previously relied on known spacings between keys. In our method, we do not focus on flaws or weaknesses in the system itself, but on the flaws inherent in the human aspect of the system. Our attack exploits unconscious patterns in PIN input that are a side-effect of the human memorization process to narrow the PIN down to a specific class, such as date, greatly reducing the possible set of passcodes. To identify these patterns, we use a series of Support Vector Machines(SVM) as a multi-class classifier. Through analysis of our collected data set we demonstrate that this attack is very effective.

• 出版日期2014
• 单位西交利物浦大学