Skip to Main Content
We present attacks against two cognitive authentication schemes  proposed at the 2006 IEEE Symposium on Security and Privacy. These authentication schemes are designed to be secure against eavesdropping attacks while relying only on human cognitive skills. They achieve authentication via challenge response protocols based on a shared secret set of pictures. Our attacks use a SAT solver to recover a user's secret key in a few seconds, after observing only a small number of successful logins. These attacks demonstrate that the authentication schemes of  are not secure against an eavesdropping adversary.