Timing attacks on PIN input in VoIP networks

Authors:
Ge Zhang;Simone Fischer-Hübner
Affiliations:
Karlstad University;Karlstad University
Venue:
DIMVA'11 Proceedings of the 8th international conference on Detection of intrusions and malware, and vulnerability assessment
Year:
2011

Citing 5
Cited 0

A tutorial on hidden Markov models and selected applications in speech recognition

Readings in speech recognition
Quality VoIP — An Engineering Challenge

BT Technology Journal
Timing analysis of keystrokes and timing attacks on SSH

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Peeping tom in the neighborhood: keystroke eavesdropping on multi-user systems

SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Timing attacks on PIN input devices

Proceedings of the 17th ACM conference on Computer and communications security

Quantified Score

Hi-index	0.00

Visualization

Abstract

To access automated voice services, Voice over IP (VoIP) users sometimes are required to provide their Personal Identification Numbers (PIN) for authentication. Therefore when they enter PINs, their user-agents generate packets for each key pressed and send them immediately over the networks. This paper shows that a malicious intermediary can recover the inter-keystroke time delay for each PIN input even if the standard encryption mechanism has been applied. The inter-keystroke delay can leak information of what has been typed: Our experiments show that the average search space of a brute force attack on PIN can be reduced by around 80%.