Timing Attacks on PIN Input in VoIP Networks (Short Paper)

8 years 6 months ago
Timing Attacks on PIN Input in VoIP Networks (Short Paper)
To access automated voice services, Voice over IP (VoIP) users sometimes are required to provide their Personal Identiļ¬cation Numbers (PIN) for authentication. Therefore when they enter PINs, their user-agents generate packets for each key pressed and send them immediately over the networks. This paper shows that a malicious intermediary can recover the inter-keystroke time delay for each PIN input even if the standard encryption mechanism has been applied. The inter-keystroke delay can leak information of what has been typed: Our experiments show that the average search space of a brute force attack on PIN can be reduced by around 80%.
Ge Zhang, Simone Fischer-Hübner
Added 27 Aug 2011
Updated 27 Aug 2011
Type Journal
Year 2011
Authors Ge Zhang, Simone Fischer-Hübner
Comments (0)