Cryptanalysis of a Cognitive Authentication Scheme (Extended Abstract)

Author

Golle, Philippe ; Wagner, David

Author_Institution

Palo Alto Res. Center, Palo Alto, CA

fYear

2007

fDate

20-23 May 2007

Firstpage

Lastpage

Abstract

We present attacks against two cognitive authentication schemes [9] proposed at the 2006 IEEE Symposium on Security and Privacy. These authentication schemes are designed to be secure against eavesdropping attacks while relying only on human cognitive skills. They achieve authentication via challenge response protocols based on a shared secret set of pictures. Our attacks use a SAT solver to recover a user´s secret key in a few seconds, after observing only a small number of successful logins. These attacks demonstrate that the authentication schemes of [9] are not secure against an eavesdropping adversary.

Keywords

cognitive systems; computability; cryptography; message authentication; SAT solver; challenge response protocols; cognitive authentication scheme; cryptanalysis; eavesdropping attacks; human cognitive skills; Authentication; Humans; Internet; Privacy; Protocols; Security; Web server; Writing;

fLanguage

English

Publisher

ieee

Conference_Titel

Security and Privacy, 2007. SP '07. IEEE Symposium on

Conference_Location

Berkeley, CA

ISSN

1081-6011

Print_ISBN

0-7695-2848-1

Type

conf

DOI

10.1109/SP.2007.13

Filename

4223214

Link To Document

https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=2755895