2006 IEEE Symposium on Security and Privacy (S&P'06) (2006)
May 21, 2006 to May 24, 2006
pp: 6 pp.-300
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SP.2006.10
D. Weinshall , Sch. of Comput. Sci. & Eng., Hebrew Univ. of Jerusalem, Israel
Can we secure user authentication against eavesdropping adversaries, relying on human cognitive functions alone, unassisted by any external computational device? To accomplish this goal, we propose challenge response protocols that rely on a shared secret set of pictures. Under the considered brute-force attack the protocols are safe against eavesdropping, in that a modestly powered adversary who fully records a series of successful interactions cannot compute the user's secret. Moreover, the protocols can be tuned to any desired level of security against random guessing, where security can be traded-off with authentication time. The proposed protocols have two drawbacks: First, training is required to familiarize the user with the secret set of pictures. Second, depending on the level of security required, entry time can be significantly longer than with alternative methods. We describe user studies showing that people can use these protocols successfully, and quantify the time it takes for training and for successful authentication. We show evidence that the secret can be maintained for a long time (up to a year) with relatively low loss
Authentication, Protocols, Humans, Security, Cryptography, Computer science, Power engineering computing, Computer networks, IP networks, Protection
D. Weinshall, "Cognitive authentication schemes safe against spyware," 2006 IEEE Symposium on Security and Privacy (S&P'06)(SECPRI), Berkeley/Oakland, CA, 2009, pp. 6 pp.-300.