Abstract : In this paper we evaluate the security of a
two-factor Graphical Password scheme proposed in [1]. As in the original
paper, we model the attack of a passive adversary as a boolean formula
whose truth assignment corresponds to the user secret. We show that
there exists a small number of secrets that a passive adversary cannot
extract, independently of the amount of information she manages to
eavesdrop. We then experimentally evaluate the security of the scheme.
Our tests show that the number of sessions the adversary needs to gather
in order to be able to extract the user's secret is relatively small.
However, the amount of time needed to actually extract the user secret
from the collected information grows exponentially in the system
parameters, making the secret extraction infeasible. Finally, we observe
that the graphical password scheme can be easily restated as a
device-device authentication mechanism.
https://hal.inria.fr/hal-01056082
Contributor : Hal Ifip
Submitted on : Thursday, August 14, 2014 - 5:55:58 PM
Last modification on : Monday, October 19, 2020 - 8:02:03 PM
Long-term archiving on : Thursday, November 27, 2014 - 1:36:39 AM
Luigi Catuogno, Clemente Galdi. On the Security of a Two-Factor Authentication
Scheme. 4th IFIP WG 11.2 International Workshop on Information Security Theory and Practices: Security and Privacy of Pervasive Systems and Smart Devices (WISTP), Apr 2010, Passau, Germany. pp.245-252, ⟨10.1007/978-3-642-12368-9_19⟩. ⟨hal-01056082⟩