Cryptology ePrint Archive: Report 2006/258

Cryptanalysis of a Cognitive Authentication Scheme

Philippe Golle and David Wagner

Abstract: We present attacks against two cognitive authentication schemes [W06] recently proposed at the 2006 IEEE Symposium on Security and Privacy. These authentication schemes are designed to be secure against eavesdropping attacks while relying only on human cognitive skills. They achieve authentication via challenge response protocols based on a shared secret set of pictures. Our attacks use a SAT solver to recover a user's key in a few seconds, after observing only a small number of successful logins. These attacks demonstrate that the authentication schemes of [W06] are not secure against an eavesdropping adversary.

Category / Keywords: cryptographic protocols / cryptanalysis, authentication protocol

Publication Info: N/A

Date: received 31 Jul 2006

Contact author: pgolle at cs stanford edu

Available format(s): PDF | BibTeX Citation

Version: 20060802:184957 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]