Thermal Imaging Attacks on Keypad Security Systems

Wojciech Wodo, Lucjan Hanzlik

Abstract

The paper discusses the issue of thermal imaging attacks on a variety of keyboard devices, such as cash machines, payment terminals, combination locks or computer keyboards. The aim of the research was to obtain the entered code or password in the most non-invasive way. As it turned out, attacks based on images from thermal imaging cameras are very easy to carry out and work in almost every case, which calls for extra safety measures. The authors consider various attack scenarios and come up with recommendations for both manufacturers and users of electronic keyboard security systems.

References

  1. Kocher, Paul, (1996). Timing Attacks on Implementations of Diffie-Hellman. RSA, DSS, and Other Systems, Advances in Cryptology-CRYPTO'96.
  2. Messerges, Thomas S., Ezzy A. Dabbish, and Robert H. Sloan, (1999). Investigations of power analysis attacks on smartcards. In Proceedings of the USENIX Workshop on Smartcard Technology on USENIX Workshop on Smartcard Technology (WOST'99).
  3. Kocher, Paul, J. Jaffe, and B. Jun. (1999). Differential power analysis. Proceedings of CRYPTO'99, vol. 1666, pp. 388-397.
  4. Van Eck, W. (1985). Electromagnetic radiation from video display units: An eavesdropping risk? Computers & Security 4, 4.
  5. Markettos, A. T. and S. W. Moore. (2009). The Frequency Injection Attack on Ring-Oscillator-Based True Random Number Generators. In Proceedings of Cryptographic Hardware and Embedded Systems (CHES). Lecture Notes in Computer Science 5747, Springer, pp. 317-331.
  6. Li, H., A. T. Markettos and S. W. Moore. (2005). A Security Evaluation Methodology for Smart Cards Against Electromagnetic Analysis. In Proceedings of the 39th IEEE International Carnahan Conference on Security Technology (ICCST 2005), Las Palmas de Gran Canaria, Spain, pp. 208-211.
  7. Markettos, A. T. and S. W. Moore. (2004). Electromagnetic Analysis of Synchronous and Asynchronous Circuits using Hard Disc Heads. 16th UK Asynchronous Forum, Manchester, UK.
  8. Zalewski, Mariusz. (2005). Cracking safes with thermal imaging, [online] Available at: http://lcamtuf. coredump.cx/tsafe. [Accessed 23 May 2016].
  9. Meiklejohn, Sarah and Stefan Savage. (2011). Heat of the Moment: Characterizing the Efficacy of Thermal Camera-Based Attacks. Proceedings of Workshop on Offensive Technologies (WOOT).
  10. Snapsupplies.com. (2014). ATM Skimming Devices, [online] Available at: https://www.snapsupplies.com/
  11. Snap/Industry-News/ATM-Skimming-Devices_12.asp x. [Accessed 23 May 2016].
  12. Stefan Wisniewski, Tomasz S. Wisniewski. (2012). Wymiana ciepla, WNT.
  13. Hanzlik, L., W. Wodo. (2013). Identity security in biometric systems based on keystroking. International Conference on Security and Cryptography (SECRYPT), Reykjavik, Iceland.
  14. Hancke, Gerhard P., (2005). A practical relay attack on ISO 14443 proximity cards. Technical report, University of Cambridge Computer Laboratory.
Download


Paper Citation


in Harvard Style

Wodo W. and Hanzlik L. (2016). Thermal Imaging Attacks on Keypad Security Systems . In Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016) ISBN 978-989-758-196-0, pages 458-464. DOI: 10.5220/0005998404580464


in Bibtex Style

@conference{secrypt16,
author={Wojciech Wodo and Lucjan Hanzlik},
title={Thermal Imaging Attacks on Keypad Security Systems},
booktitle={Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016)},
year={2016},
pages={458-464},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005998404580464},
isbn={978-989-758-196-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016)
TI - Thermal Imaging Attacks on Keypad Security Systems
SN - 978-989-758-196-0
AU - Wodo W.
AU - Hanzlik L.
PY - 2016
SP - 458
EP - 464
DO - 10.5220/0005998404580464