Sciweavers

DIMVA
2011

Timing Attacks on PIN Input in VoIP Networks (Short Paper)

13 years 4 months ago
Timing Attacks on PIN Input in VoIP Networks (Short Paper)
To access automated voice services, Voice over IP (VoIP) users sometimes are required to provide their Personal Identification Numbers (PIN) for authentication. Therefore when they enter PINs, their user-agents generate packets for each key pressed and send them immediately over the networks. This paper shows that a malicious intermediary can recover the inter-keystroke time delay for each PIN input even if the standard encryption mechanism has been applied. The inter-keystroke delay can leak information of what has been typed: Our experiments show that the average search space of a brute force attack on PIN can be reduced by around 80%.
Ge Zhang, Simone Fischer-Hübner
Added 27 Aug 2011
Updated 27 Aug 2011
Type Journal
Year 2011
Where DIMVA
Authors Ge Zhang, Simone Fischer-Hübner
Comments (0)