Machine Learning for PIN Side-Channel Attacks Based on Smartphone Motion Sensors | IEEE Journals & Magazine | IEEE Xplore

Machine Learning for PIN Side-Channel Attacks Based on Smartphone Motion Sensors


Identification of the i-th digit ?y?_(i) of an N-digit PIN. The attacker exploits the diversity offered by D different samples corresponding to the same digit.

Abstract:

Motion sensors are integrated into all mobile devices, providing useful information for a variety of purposes. However, these sensor data can be read by any application a...Show More

Abstract:

Motion sensors are integrated into all mobile devices, providing useful information for a variety of purposes. However, these sensor data can be read by any application and website accessed through a browser, without requiring security permissions. In this paper, we show that information about smartphone movements can lead to the identification of a Personal Identification Number (PIN) typed by the user. To reduce the amount of sniffed data, we use an event-driven approach, where motion sensors are sampled only when a key is pressed. The acquired data are used to train a Machine Learning (ML) algorithm for the classification of the keystrokes in a supervised manner. We also consider that users insert the same PIN each time authentication is required, leading to further side-channel information available to the attacker. Numerical results show the feasibility of PIN cyber-attacks based on motion sensors, with no restrictions on the PIN length and on the possible digit combinations. For example, 4-digit PINs are correctly recognized at the first attempt with an accuracy of 37%, and in five attempts with an accuracy of 63%.
Identification of the i-th digit ?y?_(i) of an N-digit PIN. The attacker exploits the diversity offered by D different samples corresponding to the same digit.
Published in: IEEE Access ( Volume: 11)
Page(s): 23008 - 23018
Date of Publication: 06 March 2023
Electronic ISSN: 2169-3536

Funding Agency:


References

References is not available for this document.