Abstract
To access automated voice services, Voice over IP (VoIP) users sometimes are required to provide their Personal Identification Numbers (PIN) for authentication. Therefore when they enter PINs, their user-agents generate packets for each key pressed and send them immediately over the networks. This paper shows that a malicious intermediary can recover the inter-keystroke time delay for each PIN input even if the standard encryption mechanism has been applied. The inter-keystroke delay can leak information of what has been typed: Our experiments show that the average search space of a brute force attack on PIN can be reduced by around 80%.
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Automated Telephone Payments. visited at 15th-Nov-2010, http://www.elmbridge.gov.uk/online/atp.htm
TCPDump. visited at 20th-July-2010, http://www.tcpdump.org/
X-Lite. visited at 18th-July-2010, http://www.counterpath.com/x-lite.html
Baugher, M., McGrew, D., Naslund, M., Carrara, E., Norrman, K.: The Secure Real-time Transport Protocol (SRTP). RFC 3711 (2004)
Hogye, M.A., Hughes, C.T., Sarfaty, J.M., Wolf, J.D.: Analysis of the feasibility of keystroke timing attacks over ssh connections, technical report (2001)
Foo Kune, D., Kim, Y.: Timing attacks on pin input devices. In: Proceedings of CCS 2010, USA, pp. 678–680. ACM Press, New York (2010)
Rabiner, L.R.: Readings in speech recognition. In: Chapter A Tutorial on Hidden Markov Models and Selected Applications in Speech Recognition, pp. 267–296. Morgan Kaufmann Publishers Inc., San Francisco (1990)
Reynolds, R.J.B., Rix, A.W.: Quality voip: An engineering challenge. BT Technology Journal 19, 23–32 (2001)
Schulzrinne, H., Casner, S., Frederick, R., Jacobson, V.: RTP: A transport protocol for real-time applications. RFC 3550 (2003)
Schulzrinne, H., Taylor, T.: RTP Payload for DTMF Digits, Telephony Tones, and Telephony Signals. RFC 4733 (2006)
Song, D.X., Wagner, D., Tian, X.: Timing analysis of keystrokes and timing attacks on ssh. In: Proceedings of SSYM 2001. USENIX Association, Berkeley (2001)
International Telecommunication Union. Technical features of push-button telephone sets. ITU-T Recommendation Q.24 (1988)
Zhang, K., Wang, X.: Peeping tom in the neighborhood: keystroke eavesdropping on multi-user systems. In: Proceedings of SSYM 2009, Berkeley, CA, pp. 17–32. USENIX Association (2009)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zhang, G., Fischer-Hübner, S. (2011). Timing Attacks on PIN Input in VoIP Networks (Short Paper). In: Holz, T., Bos, H. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2011. Lecture Notes in Computer Science, vol 6739. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22424-9_5
Download citation
DOI: https://doi.org/10.1007/978-3-642-22424-9_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22423-2
Online ISBN: 978-3-642-22424-9
eBook Packages: Computer ScienceComputer Science (R0)