TY - GEN
T1 - Cognitive authentication schemes safe against spyware (short paper)
AU - Weinshall, Daphna
PY - 2006
Y1 - 2006
N2 - Can we secure user authentication against eavesdropping adversaries, relying on human cognitive functions alone, unassisted by any external computational device ? To accomplish this goal, we propose challenge response protocols that rely on a shared secret set of pictures. Under the considered brute-force attack the protocols are safe against eavesdropping, in that a modestly powered adversary who fully records a series of successful interactions cannot compute the user's secret. Moreover, the protocols can be tuned to any desired level of security against random guessing, where security can be traded-off with authentication time. The proposed protocols have two drawbacks: First, training is required to familiarize the user with the secret set of pictures. Second, depending on the level of security required, entry time can be significantly longer than with alternative methods. We describe user studies showing that people can use these protocols successfully, and quantify the time it takes for training and for successful authentication. We show evidence that the secret can be maintained for a long time (up to a year) with relatively low loss.
AB - Can we secure user authentication against eavesdropping adversaries, relying on human cognitive functions alone, unassisted by any external computational device ? To accomplish this goal, we propose challenge response protocols that rely on a shared secret set of pictures. Under the considered brute-force attack the protocols are safe against eavesdropping, in that a modestly powered adversary who fully records a series of successful interactions cannot compute the user's secret. Moreover, the protocols can be tuned to any desired level of security against random guessing, where security can be traded-off with authentication time. The proposed protocols have two drawbacks: First, training is required to familiarize the user with the secret set of pictures. Second, depending on the level of security required, entry time can be significantly longer than with alternative methods. We describe user studies showing that people can use these protocols successfully, and quantify the time it takes for training and for successful authentication. We show evidence that the secret can be maintained for a long time (up to a year) with relatively low loss.
UR - http://www.scopus.com/inward/record.url?scp=33751057130&partnerID=8YFLogxK
U2 - 10.1109/SP.2006.10
DO - 10.1109/SP.2006.10
M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???
AN - SCOPUS:33751057130
SN - 0769525741
SN - 9780769525747
T3 - Proceedings - IEEE Symposium on Security and Privacy
SP - 295
EP - 300
BT - Proceedings - 2006 IEEE Symposium on Security and Privacy, S+P 2006
T2 - 2006 IEEE Symposium on Security and Privacy, S and P 2006
Y2 - 21 May 2006 through 24 May 2006
ER -