Napredna pretraga

Pregled bibliografske jedinice broj: 732628

Timing Attacks on Cognitive Authentication Schemes

Čagalj, Mario; Perković, Toni; Bugarić, Marin
Timing Attacks on Cognitive Authentication Schemes // IEEE transactions on information forensics and security, 10 (2015), 3; 584-596 doi:10.1109/TIFS.2014.2376177 (međunarodna recenzija, članak, znanstveni)

Timing Attacks on Cognitive Authentication Schemes

Čagalj, Mario ; Perković, Toni ; Bugarić, Marin

IEEE transactions on information forensics and security (1556-6013) 10 (2015), 3; 584-596

Vrsta, podvrsta i kategorija rada
Radovi u časopisima, članak, znanstveni

Ključne riječi
Authentication; cognitive authentication schemes; human factors; observation attack; side-channel timing attack

Classical password/PIN-based authentication methods have proven to be vulnerable to a broad range of observation attacks (such as key- logging, video-recording or shoulder surfing attacks). In order to mitigate these attacks, a number of solutions have been proposed, most of them being cognitive authentication schemes (challenge-response protocols that require users to perform some kind of cognitive operations). In this paper we show successful passive side- channel timing attacks on two cognitive authentication schemes, a well-known Hopper- Blum (HB) protocol and a US patent Mod10 method, previously believed to be secure against observation attacks. As we show, the main security weakness of these methods comes from detectable variations in the user’s cognitive load that results from cognitive operations during the authentication procedure. We carried out theoretical analysis of both Mod10 and HB methods, as well as an experimental user study of Mod10 method with 58 participants to validate the results of our timing attacks. We also propose security enhancements of these schemes aimed to mitigate the timing side- channel attacks. The proposed enhancements show the existence of a strong tradeoff between security and usability, indicating that the security of cognitive authentication schemes comes at a non- negligible usability cost (e.g., increased overall login time). For this reason, the designers of new cognitive authentication schemes should not ignore possible threats induced by side-channel timing attacks.

Izvorni jezik

Znanstvena područja
Elektrotehnika, Računarstvo


Fakultet elektrotehnike, strojarstva i brodogradnje, Split

Časopis indeksira:

  • Current Contents Connect (CCC)
  • Web of Science Core Collection (WoSCC)
    • Science Citation Index Expanded (SCI-EXP)
    • SCI-EXP, SSCI i/ili A&HCI
  • Scopus