Paper 2006/258

Cryptanalysis of a Cognitive Authentication Scheme

Philippe Golle and David Wagner

Abstract

We present attacks against two cognitive authentication schemes [W06] recently proposed at the 2006 IEEE Symposium on Security and Privacy. These authentication schemes are designed to be secure against eavesdropping attacks while relying only on human cognitive skills. They achieve authentication via challenge response protocols based on a shared secret set of pictures. Our attacks use a SAT solver to recover a user's key in a few seconds, after observing only a small number of successful logins. These attacks demonstrate that the authentication schemes of [W06] are not secure against an eavesdropping adversary.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. N/A
Keywords
cryptanalysisauthentication protocol
Contact author(s)
pgolle @ cs stanford edu
History
2006-08-02: received
Short URL
https://ia.cr/2006/258
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2006/258,
      author = {Philippe Golle and David Wagner},
      title = {Cryptanalysis of a Cognitive Authentication Scheme},
      howpublished = {Cryptology {ePrint} Archive, Paper 2006/258},
      year = {2006},
      url = {https://eprint.iacr.org/2006/258}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.