• DocumentCode
    59867
  • Title
    Timing Attacks on Cognitive Authentication Schemes
  • Author
    Cagalj, M. ; Perkovic, T. ; Bugaric, M.
  • Author_Institution
    Dept. of Electr. Eng., Univ. of Split, Split, Croatia
  • Volume
    10
  • Issue
    3
  • fYear
    2015
  • fDate
    Mar-15
  • Firstpage
    584
  • Lastpage
    596
  • Abstract
    Classical password/PIN-based authentication methods have proven to be vulnerable to a broad range of observation attacks (such as key-logging, video-recording or shoulder-surfing attacks). In order to mitigate these attacks, a number of solutions have been proposed, most of them being cognitive authentication schemes (challenge-response protocols that require users to perform some kind of cognitive operation). In this paper, we show successful passive side-channel timing attacks on two cognitive authentication schemes, the well-known Hopper-Blum (HB) protocol and the U.S.-patented Mod10 method, previously believed to be secure against observation attacks. As we show, the main security weakness of these methods comes from detectable variations in the user's cognitive load that result from the cognitive operations performed during the authentication procedure. We carried out a theoretical analysis of both the Mod10 and HB methods, as well as an experimental user study of the Mod10 method with 58 participants, to validate the results of our timing attacks. We also propose security enhancements of these schemes aimed at mitigating the timing side-channel attacks. The proposed enhancements show the existence of a strong tradeoff between security and usability, indicating that the security of cognitive authentication schemes comes at a non-negligible usability cost (e.g., increased overall login time). For this reason, the designers of new cognitive authentication schemes should not ignore possible threats induced by side-channel timing attacks.
  • Keywords
    cryptographic protocols; message authentication; HB protocol; Hopper-Blum protocol; Mod10 method; cognitive authentication scheme; observation attack security; passive side-channel timing attack; Authentication; Protocols; Time factors; Timing; Usability; Vectors; Authentication; cognitive authentication schemes; human factors; observation attack; side-channel timing attack;
  • fLanguage
    English
  • Journal_Title
    Information Forensics and Security, IEEE Transactions on
  • Publisher
    ieee
  • ISSN
    1556-6013
  • Type
    jour
  • DOI
    10.1109/TIFS.2014.2376177
  • Filename
    6967785