article

Differential audio analysis: a new side-channel attack on PIN pads

Authors:

Gerson Souza Faria,

Hae Yong KimAuthors Info & Claims

International Journal of Information Security, Volume 18, Issue 1

Pages 73 - 84

https://doi.org/10.1007/s10207-018-0403-7

Published: 01 February 2019 Publication History

Abstract

This paper introduces a low-cost side-channel attack that identifies the pressed key of tamper-proof mechanical keypads by exploiting the sound that emanates from the pressed key. Classical sound-based attacks usually identify the pressed key using the fact that each key emits a characteristic sound. These techniques use, for example, the frequency spectrum to identify the key. Instead, our attack (named DAA--differential audio analysis) analyzes the differential characteristics of the sounds captured by two microphones placed inside the empty space of the device, expressed as the transfer function between the two signals. We applied our attack to four PIN entry devices--also known as PIN pads. Our technique was able to correctly recognize all 1200 keystrokes of two independently tested equipments of the same model, generating a classification rate of 100%. We also attacked the same PIN pads using the classical frequency spectrum technique, obtaining the average classification rate of only 78%. This result shows clearly the superiority of the new technique. Our attack also successfully attacked a second model from another manufacturer, with classification rate of 99.8%. However, some PIN pads do not emit sufficiently audible sound when a key is pressed. Evidently, these devices cannot be attacked analyzing audio emission. We applied our DAA attack to a device of this kind and obtained only 63% of classification success. This result shows that there are models quite vulnerable and models not as vulnerable to our attack. Finally, we present design suggestions in order to mitigate the vulnerabilities that make our attack possible. These vulnerabilities are present in many certified PIN pad models available currently in the worldwide market.

References

[1]

FICO Reports a 70 Percent Rise in Debit Cards Compromised at U.S. ATMs and Merchants in 2016 (2017), http://www.fico.com/en/newsroom/fico-reports-a-70-percent-rise-in-debit-cards-compromised-at-us-atms-and-merchants-in-2016-03-29-2017. Accessed 10 Nov 2017

[2]

How the Shift to EMV Is Faring (So Far) (2016) http://www.americanbanker.com/gallery/how-the-shift-to-emv-is-faring-so-far-1080295-1.html. Accessed 3 Jan 2017

[3]

Drimer, S., Murdoch, S.J., Anderson, R.: Thinking inside the box: system-level failures of tamper proofing, In: Proceedings of IEEE Symposium on Security and Privacy, pp. 281---295 (2008)

Digital Library

[4]

Asonov, D., Agrawal, R.: Keyboard acoustic emanations. In: Proceedings of IEEE Symposium on Security and Privacy, pp. 3---11 (2004)

[5]

Berger, Y., Wool, A., Yeredor, A.: Dictionary Attacks Using Keyboard Acoustic Emanations. In: Proceedings of ACM Conference on Computer and Communications Security, pp. 245---254 (2006)

Digital Library

[6]

Zhuang, L., Zhou, F., Tygar, J.D.: Keyboard acoustic emanations revisited. ACM Trans. Inf. Syst. Secur. 13(1), 3 (2009)

Digital Library

[7]

Halevi, T., Saxena, N.: A Closer look at keyboard acoustic emanations: random passwords, typing styles and decoding techniques. In: Proceedings of ACM Symposium on Information, Computer and Communications Security, pp. 89---90 (2012)

Digital Library

[8]

Zhu, T., Ma, Q., Zhang, S., Liu, Y.: Context-free attacks using keyboard acoustic emanations. In: Proceedings of ACM SIGSAC Conference on Computer and Communications Security, pp. 453---464 (2014)

Digital Library

[9]

Backes, M., Dürmuth, M., Gerling, S., Pinkal, M., Sporleder, C.: Acoustic side-channel attacks on printers. In: Proceedings of USENIX Security symposium, pp. 307---322 (2010)

Digital Library

[10]

Genkin, D., Shamir, A., Tromer, E.: RSA key extraction via low-bandwidth acoustic cryptanalysis. In: Proceedings of International Cryptology Conference, pp. 444---461 (2014)

[11]

Kuhn, M.G.: Compromising emanations: eavesdropping risks of computer displays. Ph.D. thesis, University of Cambridge (2002)

[12]

Kuhn, M.G.: Compromising emanations of LCD TV sets. IEEE Trans. Electromagn. Compat. 55(3), 564---570 (2013)

[13]

Marquardt, P., Verma, A., Carter, H., Traynor, P.: (Sp)iPhone: decoding vibrations from nearby keyboards using mobile phone accelerometers. In: Proceedings of ACM Conference on Computer and Communications Security, pp. 551---562 (2011)

Digital Library

[14]

Faria, G.S., Kim, H.Y.: Identification of pressed keys from mechanical vibrations. IEEE Trans. Inf. Forensics Secur. 8(7), 1221---1229 (2013)

Digital Library

[15]

Faria, G.S., Kim, H.Y.: Identification of pressed keys by time difference of arrivals of mechanical vibrations. Comput. Secur. 57, 93---105 (2016)

Digital Library

[16]

Havelock, D., Kuwano, S., Vorländer, M.: Handbook of Signal Processing in Acoustics, vol. 2. Springer, Berlin (2008)

[17]

Faria, G.S., Kim, H.Y.: Identification of pressed keys by acoustic transfer function. In: Proceedings of IEEE International Conference on Systems, Man, and Cybernetics, pp. 240---245 (2015)

[18]

Havelock, D., Kuwano, S., Vorländer, M.: Handbook of Signal Processing in Acoustics, vol. 1. Springer, Berlin (2008)

[19]

Kay, S.M.: Modern Spectral Estimation. Pearson, New York (1988)

[20]

Stoica, P., Moses, R.L.: Spectral Analysis of Signals. Pearson Prentice Hall, New York (2005)

[21]

Krebs On Security--Pro-Grade Point-of-Sale Skimmer (2013). http://krebsonsecurity.com/2013/02/pro-grade-point-of-sale-skimmer. Accessed 5 Mar 2013

[22]

Payment Card Industry--Security Standards Council LLC, PIN Transaction Security (PTS) Point of Interaction (POI) Modular Derived Test Requirements v5.0 (2016). https://www.pcisecuritystandards.org/pci_security/dtr (registration required). Accessed 9 Nov 2017

Cited By

Dai HChen YDu YWang LShao ZLiu HRen YYu JLiu B(2024)ArmSpy++: Enhanced PIN Inference through Video-based Fine-grained Arm Posture AnalysisACM Transactions on Privacy and Security10.1145/3696418Online publication date: 23-Sep-2024
https://dl.acm.org/doi/10.1145/3696418
Balagani KCardaioli MCecconello SConti MTsudik G(2022)We Can Hear Your PIN Drop: An Acoustic Side-Channel Attack on ATM PIN PadsComputer Security – ESORICS 202210.1007/978-3-031-17140-6_31(633-652)Online publication date: 26-Sep-2022
https://dl.acm.org/doi/10.1007/978-3-031-17140-6_31
Sukhoparov MSemenov VSalakhutdinova KBoitsova ELebedev I(2020)The State Identification of Industry 4.0 Mechatronic Elements Based on Behavioral PatternsInternet of Things, Smart Spaces, and Next Generation Networks and Systems10.1007/978-3-030-65726-0_12(126-134)Online publication date: 26-Aug-2020
https://dl.acm.org/doi/10.1007/978-3-030-65726-0_12
Show More Cited By

Differential audio analysis: a new side-channel attack on PIN pads
1. Social and professional topics
  1. Computing / technology policy

Recommendations

Security beyond cybersecurity: side-channel attacks against non-cyber systems and their countermeasures
Abstract
Side-channels are unintended pathways within target systems that leak internal information, exploitable via side-channel attack techniques that extract the target information, compromising the system’s security and privacy. Side-channel attacks ...
Thinking Inside the Box: System-Level Failures of Tamper Proofing
SP '08: Proceedings of the 2008 IEEE Symposium on Security and Privacy

PIN entry devices (PEDs) are critical security components in EMV smartcard payment systems as they receive a customer's card and PIN. Their approval is subject to an extensive suite of evaluation and certification procedures. In this paper, we ...
Identification of pressed keys by time difference of arrivals of mechanical vibrations

We identify the pressed keys of commercial PIN-pads by monitoring the arrival times of mechanical vibrations.We correctly classify the pressed key with 96.4% of accuracy.The certification processes does not address this new side-channel attack.We ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image International Journal of Information Security

International Journal of Information Security Volume 18, Issue 1

February 2019

124 pages

ISSN:1615-5262

EISSN:1615-5270

Issue’s Table of Contents

Copyright © Copyright © 2019 Springer-Verlag GmbH Germany, part of Springer Nature.

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 01 February 2019

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 26 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Dai HChen YDu YWang LShao ZLiu HRen YYu JLiu B(2024)ArmSpy++: Enhanced PIN Inference through Video-based Fine-grained Arm Posture AnalysisACM Transactions on Privacy and Security10.1145/3696418Online publication date: 23-Sep-2024
https://dl.acm.org/doi/10.1145/3696418
Balagani KCardaioli MCecconello SConti MTsudik G(2022)We Can Hear Your PIN Drop: An Acoustic Side-Channel Attack on ATM PIN PadsComputer Security – ESORICS 202210.1007/978-3-031-17140-6_31(633-652)Online publication date: 26-Sep-2022
https://dl.acm.org/doi/10.1007/978-3-031-17140-6_31
Sukhoparov MSemenov VSalakhutdinova KBoitsova ELebedev I(2020)The State Identification of Industry 4.0 Mechatronic Elements Based on Behavioral PatternsInternet of Things, Smart Spaces, and Next Generation Networks and Systems10.1007/978-3-030-65726-0_12(126-134)Online publication date: 26-Aug-2020
https://dl.acm.org/doi/10.1007/978-3-030-65726-0_12
Sukhoparov MLebedev ISemenov V(2020)Information Security State Analysis of Elements of Industry 4.0 Devices in Information SystemsInternet of Things, Smart Spaces, and Next Generation Networks and Systems10.1007/978-3-030-65726-0_11(119-125)Online publication date: 26-Aug-2020
https://dl.acm.org/doi/10.1007/978-3-030-65726-0_11
Semenov VSukhoparov MLebedev I(2020)Identification of Abnormal Functioning of Devices of Cyber-Physical SystemsInternet of Things, Smart Spaces, and Next Generation Networks and Systems10.1007/978-3-030-65726-0_1(3-10)Online publication date: 26-Aug-2020
https://dl.acm.org/doi/10.1007/978-3-030-65726-0_1
Semenov VLebedev ISukhoparov MSalakhutdinova K(2019)Application of an Autonomous Object Behavior Model to Classify the Cybersecurity StateInternet of Things, Smart Spaces, and Next Generation Networks and Systems10.1007/978-3-030-30859-9_9(104-112)Online publication date: 26-Aug-2019
https://dl.acm.org/doi/10.1007/978-3-030-30859-9_9
Semenov VSukhoparov MLebedev I(2019)Approach to Side Channel-Based Cybersecurity Monitoring for Autonomous Unmanned ObjectsInteractive Collaborative Robotics10.1007/978-3-030-26118-4_27(278-286)Online publication date: 20-Aug-2019
https://dl.acm.org/doi/10.1007/978-3-030-26118-4_27

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Issue’s Table of Contents