Cryptanalysis of a Cognitive Authentication Scheme (Extended Abstract)
Golle, P.
Wagner, D.
Palo Alto Res. Center, Palo Alto, CA;
This paper appears in: Security and Privacy, 2007. SP '07. IEEE Symposium on
Publication Date: 20-23 May 2007
On page(s): 66-70
Location: Berkeley, CA,
ISSN: 1081-6011
ISBN: 0-7695-2848-1
INSPEC Accession Number: 10286350
Digital Object Identifier: 10.1109/SP.2007.13
Current Version Published: 2007-06-04
Abstract
We present attacks against two cognitive authentication schemes [9] proposed at the 2006 IEEE Symposium on Security and Privacy. These authentication schemes are designed to be secure against eavesdropping attacks while relying only on human cognitive skills. They achieve authentication via challenge response protocols based on a shared secret set of pictures. Our attacks use a SAT solver to recover a user's secret key in a few seconds, after observing only a small number of successful logins. These attacks demonstrate that the authentication schemes of [9] are not secure against an eavesdropping adversary.
Index
Terms
Available to subscribers and IEEE members.
References
Available to subscribers and IEEE members.
Citing Documents
Available to subscribers and IEEE members.
Cart
