Shoulder-Surfing Safe Login in a Partially Observable Attacker Model (CROSBI ID 557090)
Conference paper in proceedings | original scientific paper | international peer review
Responsibility data
Perković, Toni; Čagalj, Mario; Saxena, Nitesh
English
Secure login methods based on human cognitive skills can be classified into two categories based on information available to a passive attacker: (i) the attacker fully observes the entire input and output of a login procedure, (ii) the attacker only partially observes the input and output. Login methods secure in the fully observable model imply very long secrets and/or complex calculations. In this paper, we study three simple PIN-entry methods designed for the partially observable attacker model. A notable feature of the first method is that the user needs to perform a very simple mathematical operation, whereas, in the other two methods, the user performs a simple table lookup. Our usability study shows that all the methods have reasonably low login times and minimal error rates. These results, coupled with low-cost hardware requirements (only earphones), are a significant improvement over existing approaches for this model [9, 10]. We also show that side-channel timing attacks present a real threat to the security of login schemes based on human cognitive skills.
cognitive authentication schemes; usability study; side channel timing attacks
Contribution data
2010.
published
Parent publication data
Lecture Notes in Computer Science (Springer-Verlag LNCS): The 14th International Conference on Financial Cryptography and Data Security (Financial Cryptography 2010 - FC10)
Conference data
The 14th International Conference on Financial Cryptography and Data Security (Financial Cryptography 2010 - FC10)
lecture
25.01.2010-28.01.2010
Tenerife, Spain