• DocumentCode
    1807010
  • Title

    Cognitive authentication schemes safe against spyware

  • Author

    Weinshall, Daphna

  • Author_Institution
    Sch. of Comput. Sci. & Eng., Hebrew Univ. of Jerusalem
  • fYear
    2006
  • fDate
    21-24 May 2006
  • Lastpage
    300
  • Abstract
    Can we secure user authentication against eavesdropping adversaries, relying on human cognitive functions alone, unassisted by any external computational device? To accomplish this goal, we propose challenge response protocols that rely on a shared secret set of pictures. Under the considered brute-force attack the protocols are safe against eavesdropping, in that a modestly powered adversary who fully records a series of successful interactions cannot compute the user´s secret. Moreover, the protocols can be tuned to any desired level of security against random guessing, where security can be traded-off with authentication time. The proposed protocols have two drawbacks: First, training is required to familiarize the user with the secret set of pictures. Second, depending on the level of security required, entry time can be significantly longer than with alternative methods. We describe user studies showing that people can use these protocols successfully, and quantify the time it takes for training and for successful authentication. We show evidence that the secret can be maintained for a long time (up to a year) with relatively low loss
  • Keywords
    authorisation; computer crime; computer viruses; brute-force attack; cognitive authentication schemes; eavesdropping adversaries; spyware; user authentication; Authentication; Computer networks; Computer science; Cryptography; Humans; IP networks; Power engineering computing; Protection; Protocols; Security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Security and Privacy, 2006 IEEE Symposium on
  • Conference_Location
    Berkeley/Oakland, CA
  • ISSN
    1081-6011
  • Print_ISBN
    0-7695-2574-1
  • Type

    conf

  • DOI
    10.1109/SP.2006.10
  • Filename
    1624019