Behavioral Acoustic Emanations : Attack and Verification of PIN Entry Using Keypress Sounds

Research output: Journal Publications and Reviews (RGC: 21, 22, 62)21_Publication in refereed journalpeer-review

9 Scopus Citations
View graph of relations

Related Research Unit(s)


Original languageEnglish
Article number3015
Journal / PublicationSensors (Switzerland)
Issue number11
Online published26 May 2020
Publication statusPublished - Jun 2020



This paper explores the security vulnerability of Personal Identification Number (PIN) or numeric passwords. Entry Device (PEDs) that use small strings of data (PINs, keys or passwords) as means of verifying the legitimacy of a user. Today, PEDs are commonly used by personnel in different industrial and consumer electronic applications, such as entry at security checkpoints, ATMs and customer kiosks, etc. In this paper, we propose a side-channel attack on a 4–6 digit random PIN key, and a PIN key user verification method. The intervals between two keystrokes are extracted from the acoustic emanation and used as features to train machine-learning models. The attack model has a 60% chance to recover the PIN key. The verification model has an 88% accuracy on identifying the user. Our attack methods can perform key recovery by using the acoustic side-channel at low cost. As a countermeasure, our verification method can improve the security of PIN entry devices.

Research Area(s)

  • Biometric verification, Personal identification number, PIN entry device, Side-channel attack

Download Statistics

No data available