Title :
A Theoretical Framework for Assessing Eavesdropping-Resistant Authentication Interfaces
Author :
Hoanca, B. ; Mock, K.
Author_Institution :
Comput. Inf. Syst., Univ. of Alaska Anchorage, Anchorage, AK
Abstract :
A simple theoretical framework is developed to evaluate the security and usability of eavesdropping-resistant authentication schemes. Such schemes strive to allow users to authenticate without disclosing the user´s credentials to an eavesdropper, while using only standard computer hardware (monitor, keyboard and mouse). We find that schemes based on shared secrets and standard computer hardware are unable to deliver real security advantages. For all the schemes reported to date, an attacker can collect all the needed information within ten observations of successful authentications. Shared secret schemes can provide security only if the space of possible shared secrets is extensive enough to prevent an exhaustive search. In turn, this complexity of the shared secrets space is already limited by usability considerations, and cannot be increased further. Thus, for truly user-friendly interfaces resistant to eavesdropping attacks, shared secrets must be combined with other authentication factors: biometrics or special hardware.
Keywords :
security of data; user interfaces; computer hardware; eavesdropping attacks; eavesdropping-resistant authentication interfaces; exhaustive search; security advantages; shared secret schemes; user-friendly interfaces; Authentication; Biometrics; Computer security; Computerized monitoring; Hardware; Immune system; Information security; Keyboards; Mice; Usability;
Conference_Titel :
System Sciences, 2009. HICSS '09. 42nd Hawaii International Conference on
Conference_Location :
Big Island, HI
Print_ISBN :
978-0-7695-3450-3
DOI :
10.1109/HICSS.2009.43
