DocumentCode
2416974
Title
A Theoretical Framework for Assessing Eavesdropping-Resistant Authentication Interfaces
Author
Hoanca, B. ; Mock, K.
Author_Institution
Comput. Inf. Syst., Univ. of Alaska Anchorage, Anchorage, AK
fYear
2009
fDate
5-8 Jan. 2009
Firstpage
1
Lastpage
10
Abstract
A simple theoretical framework is developed to evaluate the security and usability of eavesdropping-resistant authentication schemes. Such schemes strive to allow users to authenticate without disclosing the user's credentials to an eavesdropper, while using only standard computer hardware (monitor, keyboard and mouse). We find that schemes based on shared secrets and standard computer hardware are unable to deliver real security advantages. For all the schemes reported to date, an attacker can collect all the needed information within ten observations of successful authentications. Shared secret schemes can provide security only if the space of possible shared secrets is extensive enough to prevent an exhaustive search. In turn, this complexity of the shared secrets space is already limited by usability considerations, and cannot be increased further. Thus, for truly user-friendly interfaces resistant to eavesdropping attacks, shared secrets must be combined with other authentication factors: biometrics or special hardware.
Keywords
security of data; user interfaces; computer hardware; eavesdropping attacks; eavesdropping-resistant authentication interfaces; exhaustive search; security advantages; shared secret schemes; user-friendly interfaces; Authentication; Biometrics; Computer security; Computerized monitoring; Hardware; Immune system; Information security; Keyboards; Mice; Usability;
fLanguage
English
Publisher
ieee
Conference_Titel
System Sciences, 2009. HICSS '09. 42nd Hawaii International Conference on
Conference_Location
Big Island, HI
ISSN
1530-1605
Print_ISBN
978-0-7695-3450-3
Type
conf
DOI
10.1109/HICSS.2009.43
Filename
4755601