Abstract : Malicious intermediaries are able to detect the availability of VoIP conversation flows in a network and observe the IP addresses used by the conversation partners. However, it is insufficient to infer the calling records of a particular user in this way since the linkability between a user and a IP address is uncertain: users may regularly change or share IP addresses. Unfortunately, VoIP flows may contain humanspecific features. For example, users sometimes are required to provide Personal identification numbers (PINs) to a voice server for authentication and thus the key-click patterns of entering a PIN can be extracted from VoIP flows for user recognition. We invited 31 subjects to enter 4-digital PINs on a virtual keypad of a popular VoIP user-agent with mouse clicking. Employing machine learning algorithms, we achieved average equal error rates of 10-29% for user verification and a hitting rate up to 65% with a false positive rate around 1% for user classification.
https://hal.inria.fr/hal-01567602 Contributor : Hal IfipConnect in order to contact the contributor Submitted on : Monday, July 24, 2017 - 10:40:21 AM Last modification on : Wednesday, November 10, 2021 - 9:02:03 AM
Ge Zhang. Analyzing Key-Click Patterns of PIN Input for Recognizing VoIP Users. 26th International Information Security Conference (SEC), Jun 2011, Lucerne, Switzerland. pp.247-258, ⟨10.1007/978-3-642-21424-0_20⟩. ⟨hal-01567602⟩