Bibliographic record number: 436389

Shoulder-Surfing Safe Login in a Partially Observable Attacker Model


Perković, Toni; Čagalj, Mario; Saxena, Nitesh
Shoulder-Surfing Safe Login in a Partially Observable Attacker Model // Lecture Notes in Computer Science (Springer-Verlag LNCS): The 14th International Conference on Financial Cryptography and Data Security (Financial Cryptography 2010 - FC10)
Tenerife, Canary Islands, Spain, 2010. (lecture, international peer review, full paper (in extenso), scientific)


Title
Shoulder-Surfing Safe Login in a Partially Observable Attacker Model

Authors
Perković, Toni; Čagalj, Mario; Saxena, Nitesh

Type, subtype and category of work
Papers in conference proceedings, full paper (in extenso), scientific

Source
Lecture Notes in Computer Science (Springer-Verlag LNCS): The 14th International Conference on Financial Cryptography and Data Security (Financial Cryptography 2010 - FC10) / - , 2010

Conference
The 14th International Conference on Financial Cryptography and Data Security (Financial Cryptography 2010 - FC10)

Place and date
Tenerife, Canary Islands, Spain, 25-28.01.2010

Type of participation
Lecture

Type of review
International peer review

Keywords
Cognitive authentication schemes; usability study; side channel timing attacks

Abstract
Secure login methods based on human cognitive skills can be classified into two categories based on information available to a passive attacker: (i) the attacker fully observes the entire input and output of a login procedure, (ii) the attacker only partially observes the input and output. Login methods secure in the fully observable model imply very long secrets and/or complex calculations. In this paper, we study three simple PIN-entry methods designed for the partially observable attacker model. A notable feature of the first method is that the user needs to perform a very simple mathematical operation, whereas, in the other two methods, the user performs a simple table lookup. Our usability study shows that all the methods have reasonably low login times and minimal error rates. These results, coupled with low-cost hardware requirements (only earphones), are a significant improvement over existing approaches for this model [9, 10]. We also show that side-channel timing attacks present a real threat to the security of login schemes based on human cognitive skills.

Original language
English

Scientific fields
Computer science



ASSOCIATIONS OF THE WORK


Project / theme
023-0231924-1660 - ADVANCED HETEROGENEOUS NETWORK TECHNOLOGIES (Dinko Begušić)

Institutions
Faculty of Electrical Engineering, Mechanical Engineering and Naval Architecture, Split