Browse > Article
http://dx.doi.org/10.13089/JKIISC.2014.24.6.1045

A Side Channel Attack with Vibration Signal on Card Terminal  

Jang, Soohee (Graduate School of Information Security, Korea University)
Ha, Youngmok (ETRI)
Yoon, Jiwon (Graduate School of Information Security, Korea University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.24, no.6, 2014 , pp. 1045-1053 More about this Journal
Abstract
In this paper, we assume that the information leakage through side-channel signal may occur from the card payment terminal and newly introduce a real application attack model. The attack model is a side channel attack based on vibration signals, which are detected by a small sensor attached on card terminal by attacker. This study is similar to some other studies regarding side channel attack. However, this paper is different in that it is based on the non-language model. Because the financial transaction information such as a card number, password, mobile phone number and etc cannot have a constant pattern. In addition, there was no study about card terminal. Therefore, this new study is meaningful. We collected vibration signals on card terminal with a small wireless sensor and analyzed signal data with statistical signal processing techniques using spectrum of frequency domain and principal component analysis and pattern recognition algorithms. Finally, we evaluated the performances by using real data from the sensor.
Keywords
Side channel attack; Security; Card terminal; Signal processing;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 J.R. Rao, P. Rohatgi, H. Scherzer and S. Tinguely, "Partitioning attacks: or how to rapidly clone some GSM cards," Proceeding of the 2002 IEEE Symposium on Security and Privacy, pp.31-41, 2002
2 Pedersen, A. Hedegaard and Anders "Security in POS systems," DK-2800, Technical University of Denmark, 2005
3 A manual of sensor, http://www.e2box.co.kr/category/기술정보%20및%20자료/EBMotion
4 P. Kocher, "Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems," Advances in Cryptology-CRYPTO'96, LNCS 1109, pp. 104-113, 1996
5 P. Kocher, J. Jaffe and B. Jun, "Differential power analysis," Advances in Cryptology-CRYPTO'99, pp. 388-397, Jan 1999.
6 P. Marquardt, A. Verma, H. Carter, and P. Traynor, "iPhone: decoding vibrations from nearby keyboards using mobile phone accelerometers," Proceedings of the 18th ACM conference on Computer and communications security, pp. 551-562, Oct. 2011
7 [saturday FOCUS] NSA has collected wiretap records using vibration on window, MK News, Nov. 1st 2013, http://news.mk.co.kr/news-Read.php?year=2013&no=1070547
8 M. Backes, M. Durmuth, S. Gerling, M. Pinkal, and C. Sporleder, "Acoustic side-channel attacks on printers.", USENIX Security Symposium, pp. 307-322, 2010
9 Chang-Kyun Kim and Il-Hwan Park, "Investigation of Side Channel Analysis Attacks on Financial IC Cards," Journal of the Korea Institute of Information Security and Cryptology, 18(1), pp. 31-39. Feb. 2008   과학기술학회마을
10 T.S Messerges, E.A Dabbish and R.H. Sloan, "Examining smart-card security under the threat of power analysis attacks," IEEE Transactions on Computers, vol. 51, no. 5, pp. 541-552. May. 2002   DOI   ScienceOn
11 Y.C. ZHOU, Q.Y. CAO, L. GAN, S. FU, and L. GAO, "Embedded POS System Based on Security Module," Information Security and Communications Privacy, 11, 034. 2008
12 E. Oswald, S. Mangard, C. Herbst, and S. Tillich, "Practical second-order DPA attacks for masked smart card implementations of block ciphers," Proceedings of the 2006 The Cryptographers' Track at the RSA Conference on Topics in Cryptology, LNCS 3860, pp. 192-207, 2006.