## Cryptology ePrint Archive: Report 2003/217

Chemical Combinatorial Attacks on Keyboards

Eric Brier and David Naccache and Pascal Paillier

Abstract: This paper presents a new attack on keyboards. \smallskip

The attack consists in depositing on each keyboard key a small ionic salt quantity ({\sl e.g.} some NaCl on key 0, some KCl on key 1, LiCl on key 2, SrCl$_2$ on key 3, BaCl$_2$ on key 4, CaCl$_2$ on key 5...). As the user enters his PIN, salts get mixed and leave the keyboard in a state that leaks secret information. Nicely enough, evaluating the entropy loss due to the chemical trace turns out to be a very interesting combinatorial exercise. \smallskip

Under the assumption that mass spectroscopic analysis can reveal with accuracy the mixture of chemical compounds generated by the user, we show that, for moderate-size decimal PINs, the attack would generally disclose the PIN. \smallskip

The attack may apply to door PIN codes, phone numbers dialed from a hotel rooms, computer keyboards or even ATMs. \ss

While we did not implement the chemical part of the attack, a number of mass spectrometry specialists confirmed to the authors its feasibility.

Category / Keywords: implementation /

Publication Info: chemistry attack keyboard combinatorics entropy