Nalazite se na CroRIS probnoj okolini. Ovdje evidentirani podaci neće biti pohranjeni u Informacijskom sustavu znanosti RH. Ako je ovo greška, CroRIS produkcijskoj okolini moguće je pristupi putem poveznice www.croris.hr
izvor podataka: crosbi

Timing Attacks on Cognitive Authentication Schemes (CROSBI ID 212088)

Prilog u časopisu | izvorni znanstveni rad | međunarodna recenzija

Čagalj, Mario ; Perković, Toni ; Bugarić, Marin Timing Attacks on Cognitive Authentication Schemes // Ieee transactions on information forensics and security, 10 (2015), 3; 584-596. doi: 10.1109/TIFS.2014.2376177

Podaci o odgovornosti

Čagalj, Mario ; Perković, Toni ; Bugarić, Marin

engleski

Timing Attacks on Cognitive Authentication Schemes

Classical password/PIN-based authentication methods have proven to be vulnerable to a broad range of observation attacks (such as key- logging, video-recording or shoulder surfing attacks). In order to mitigate these attacks, a number of solutions have been proposed, most of them being cognitive authentication schemes (challenge-response protocols that require users to perform some kind of cognitive operations). In this paper we show successful passive side- channel timing attacks on two cognitive authentication schemes, a well-known Hopper- Blum (HB) protocol and a US patent Mod10 method, previously believed to be secure against observation attacks. As we show, the main security weakness of these methods comes from detectable variations in the user’s cognitive load that results from cognitive operations during the authentication procedure. We carried out theoretical analysis of both Mod10 and HB methods, as well as an experimental user study of Mod10 method with 58 participants to validate the results of our timing attacks. We also propose security enhancements of these schemes aimed to mitigate the timing side- channel attacks. The proposed enhancements show the existence of a strong tradeoff between security and usability, indicating that the security of cognitive authentication schemes comes at a non- negligible usability cost (e.g., increased overall login time). For this reason, the designers of new cognitive authentication schemes should not ignore possible threats induced by side-channel timing attacks.

Authentication; cognitive authentication schemes; human factors; observation attack; side-channel timing attack

nije evidentirano

nije evidentirano

nije evidentirano

nije evidentirano

nije evidentirano

nije evidentirano

Podaci o izdanju

10 (3)

2015.

584-596

objavljeno

1556-6013

10.1109/TIFS.2014.2376177

Povezanost rada

Elektrotehnika, Računarstvo

Poveznice
Indeksiranost