This attack has the advantage over using a conventional camera that the codes do not need to be captured while they are being typed and can instead be recovered for a short period afterwards. To get the broadest sense of how effective such an attack
therefore consider whether the process of determining the code can be automated, and if so if it is more or less effective (e.g., accurate) than manual visual inspection.

For each of these underlying questions, we document that the answer is in fact yes. In particular, we observed that the material of the keypad has a tremendous impact: the high thermal conductivity of metal keypads rendered them virtually impervious to the attack, while we obtained qualitatively similar results to Zalewski using the plastic keypad (although in our measurements the thermal residue persisted for far shorter). Similarly, individual differences of the keypad operators play a determining role as well. Some people were quite a bit more warm-blooded than others, and some were more forceful in pressing the keypad; for the people with colder hands or a lighter touch, the thermal results faded significantly more quickly. Finally, we developed an algorithm to completely automate the extraction of a code using a single post-hoc frame from the thermal camera footage, thus demonstrating that the attack has the potential to scale.

In summary, while we document that post-hoc thermal imaging attacks are feasible and automatable, we also find that the window of vulnerability is far more modest than some have feared and that there are simple countermeasures (i.e., deploying keypads with high thermal conductivity) that can shrink this vulnerability further still.

2 Attack Scenarios

As mentioned in the introduction, thermal cameras have a clear advantage over conventional cameras for the purposes of capturing codes: conventional cameras need to film the code as it is being typed, whereas thermal cameras can recover the code for some time afterwards. There are of course prevention methods that a user might in turn take against thermal camera-based attacks (for example, continuing to press the keypad even after he has entered the code, or simply resting his whole hand on the keypad); nevertheless, we expect that all but the most paranoid of users do not take them (at least not at present), and so the advantage over conventional cameras is still meaningful. We outline two main categories in which the advantage is most useful below, and also discuss the differences between the required attacks.

ATM PINs. When combined with a card skimmer, conventional cameras installed at ATMs have already proved to be quite effective in stealing people's account information. Using a thermal camera instead provides an attacker the ability to recover the code even in the cases where, for example, a user's body is blocking the keypad throughout the transaction, or he just covers the keypad with his hand as he types in the PIN. Attackers therefore gain an extra degree of flexibility in terms of camera placement, as it is no longer essential that the camera have an unobstructed view of the keypad at all times.

In an ATM scenario, one could easily imagine an attacker whose goal is to obtain as many PINs as possible. In this type of attack, an automated code extraction process would be highly beneficial; if the attacker simply installed the camera (and presumably a skimmer as well) and then used it to film the ATM keypad for a full day, using an automated process would save him the trouble of sifting through this entire day's worth of footage. In addition, the accuracy of the code extraction is not so essential in this scenario. Even if the attacker does not recover every single code, any non-trivial fraction of the PINs entered in a full day's worth of ATM usage would still be quite valuable.

Door codes. Doors (or gates or elevators) may act as access control points, in which entry to a given room, building, etc. is meant to be restricted to authorized users. Authorized users could share a special key or ID card, have their biometric data stored in the system for fingerprint or optical scans, or, in many cases, enter a password. In this last case, an attacker using a camera to capture an authorized user entering his code would be able to gain entry to the restricted area of his choice.

Again, thermal cameras present a number of advantages here. Just as with the ATMs, users may block the keypad (either intentionally or unintentionally) in the process of entering the code, in which case an installed conventional camera would be rendered useless. Additionally, if the keypad is protected by a hood or shroud, an attacker would have trouble installing a conventional camera angled in such a way that the whole keypad could be seen. Thermal cameras, on the other hand, are able to overcome this problem; in fact, a thermal camera would not necessarily even need to be installed full-time. After an authorized user has entered the correct password, an attacker can simply walk up with the camera and film the keypad; provided he does this soon enough after the code has been entered (and that he knows no one will be walking by!), he can safely recover the code.

In many ways, this attack is quite different from the attack on ATMs. Beyond not even having to install a camera, the vast majority of users will be entering the same code (modulo frequent password changes); compared with ATM keypads then, in which each user enters a different code, the keypad for a door password will be much less noisy. On the other hand, the accuracy of the code extraction becomes essential here: if the attacker does not recover the one single correct code, then he has earned nothing; in other words, the fraction of the codes which he now needs to recover is just 1. In addition, if the attacker has to walk up with a camera every time he films the keypad then the automation of the attack becomes less relevant, as he might as well also look