Cryptanalysis of a cognitive authentication scheme
We present attacks against two recently proposed cognitive authentication schemes [W06]. These authentication schemes are designed to be secure against eavesdropping attacks while relying only on human cognitive skills. They achieve authentication via challenge-response protocols based on a shared secret set of pictures. Our attacks use a SAT solver to recover a user's key in a few seconds, after observing only a small number of successful logins. These attacks demonstrate that the authentication schemes of [W06] are not secure against an eavesdropping adversary.
Golle, P.; Wagner, D. Cryptanalysis of a cognitive authentication scheme. IEEE Symposium on Security and Privacy 2007; 2007 May 20-23; Oakland, CA; USA.
Copyright © IEEE, 2007. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.