Pretražite po imenu i prezimenu autora, mentora, urednika, prevoditelja

Napredna pretraga

Pregled bibliografske jedinice broj: 732628

Timing Attacks on Cognitive Authentication Schemes


Čagalj, Mario; Perković, Toni; Bugarić, Marin
Timing Attacks on Cognitive Authentication Schemes // IEEE transactions on information forensics and security, 10 (2015), 3; 584-596 doi:10.1109/TIFS.2014.2376177 (međunarodna recenzija, članak, znanstveni)


CROSBI ID: 732628 Za ispravke kontaktirajte CROSBI podršku putem web obrasca

Naslov
Timing Attacks on Cognitive Authentication Schemes

Autori
Čagalj, Mario ; Perković, Toni ; Bugarić, Marin

Izvornik
IEEE transactions on information forensics and security (1556-6013) 10 (2015), 3; 584-596

Vrsta, podvrsta i kategorija rada
Radovi u časopisima, članak, znanstveni

Ključne riječi
Authentication; cognitive authentication schemes; human factors; observation attack; side-channel timing attack

Sažetak
Classical password/PIN-based authentication methods have proven to be vulnerable to a broad range of observation attacks (such as key- logging, video-recording or shoulder surfing attacks). In order to mitigate these attacks, a number of solutions have been proposed, most of them being cognitive authentication schemes (challenge-response protocols that require users to perform some kind of cognitive operations). In this paper we show successful passive side- channel timing attacks on two cognitive authentication schemes, a well-known Hopper- Blum (HB) protocol and a US patent Mod10 method, previously believed to be secure against observation attacks. As we show, the main security weakness of these methods comes from detectable variations in the user’s cognitive load that results from cognitive operations during the authentication procedure. We carried out theoretical analysis of both Mod10 and HB methods, as well as an experimental user study of Mod10 method with 58 participants to validate the results of our timing attacks. We also propose security enhancements of these schemes aimed to mitigate the timing side- channel attacks. The proposed enhancements show the existence of a strong tradeoff between security and usability, indicating that the security of cognitive authentication schemes comes at a non- negligible usability cost (e.g., increased overall login time). For this reason, the designers of new cognitive authentication schemes should not ignore possible threats induced by side-channel timing attacks.

Izvorni jezik
Engleski

Znanstvena područja
Elektrotehnika, Računarstvo



POVEZANOST RADA


Ustanove:
Fakultet elektrotehnike, strojarstva i brodogradnje, Split

Profili:

Avatar Url Marin Bugarić (autor)

Avatar Url Mario Čagalj (autor)

Avatar Url Toni Perković (autor)

Poveznice na cjeloviti tekst rada:

doi ieeexplore.ieee.org

Citiraj ovu publikaciju:

Čagalj, Mario; Perković, Toni; Bugarić, Marin
Timing Attacks on Cognitive Authentication Schemes // IEEE transactions on information forensics and security, 10 (2015), 3; 584-596 doi:10.1109/TIFS.2014.2376177 (međunarodna recenzija, članak, znanstveni)
Čagalj, M., Perković, T. & Bugarić, M. (2015) Timing Attacks on Cognitive Authentication Schemes. IEEE transactions on information forensics and security, 10 (3), 584-596 doi:10.1109/TIFS.2014.2376177.
@article{article, year = {2015}, pages = {584-596}, DOI = {10.1109/TIFS.2014.2376177}, keywords = {Authentication, cognitive authentication schemes, human factors, observation attack, side-channel timing attack}, journal = {IEEE transactions on information forensics and security}, doi = {10.1109/TIFS.2014.2376177}, volume = {10}, number = {3}, issn = {1556-6013}, title = {Timing Attacks on Cognitive Authentication Schemes}, keyword = {Authentication, cognitive authentication schemes, human factors, observation attack, side-channel timing attack} }
@article{article, year = {2015}, pages = {584-596}, DOI = {10.1109/TIFS.2014.2376177}, keywords = {Authentication, cognitive authentication schemes, human factors, observation attack, side-channel timing attack}, journal = {IEEE transactions on information forensics and security}, doi = {10.1109/TIFS.2014.2376177}, volume = {10}, number = {3}, issn = {1556-6013}, title = {Timing Attacks on Cognitive Authentication Schemes}, keyword = {Authentication, cognitive authentication schemes, human factors, observation attack, side-channel timing attack} }

Časopis indeksira:


  • Current Contents Connect (CCC)
  • Web of Science Core Collection (WoSCC)
    • Science Citation Index Expanded (SCI-EXP)
    • SCI-EXP, SSCI i/ili A&HCI
  • Scopus


Citati:





    Contrast
    Increase Font
    Decrease Font
    Dyslexic Font