On the Security of a Two-Factor Authentication Scheme

Luigi Catuogno 1 Clemente Galdi 2
1 Dipartimento di Informatica ed Applicazioni
2 Dipartimento di Scienze Fisiche
Abstract : In this paper we evaluate the security of a two-factor Graphical Password scheme proposed in [1]. As in the original paper, we model the attack of a passive adversary as a boolean formula whose truth assignment corresponds to the user secret. We show that there exist a small number of secrets that a passive adversary cannot extract, independently from the amount information she manages to eavesdrop. We then experimentally evaluate the security of the scheme. Our tests show that the number of sessions the adversary needs to gather in order to be able to extract the users secret is relatively small. However, the amount of time needed to actually extract the user secret from the collected information grows exponentially in the system parameters, making the secret extraction unfeasible. Finally we observe that the graphical password scheme can be easily restated in as a device-device authentication mechanism.
Type de document :
Communication dans un congrès
Pierangela Samarati; Michael Tunstall; Joachim Posegga; Konstantinos Markantonakis; Damien Sauveron. 4th IFIP WG 11.2 International Workshop on Information Security Theory and Practices: Security and Privacy of Pervasive Systems and Smart Devices (WISTP), Apr 2010, Passau, Germany. Springer, Lecture Notes in Computer Science, LNCS-6033, pp.245-252, 2010, Information Security Theory and Practices. Security and Privacy of Pervasive Systems and Smart Devices. 〈10.1007/978-3-642-12368-9_19〉
Liste complète des métadonnées

Littérature citée [6 références]  Voir  Masquer  Télécharger
https://hal.inria.fr/hal-01056082
Contributeur : Hal Ifip <>
Soumis le : jeudi 14 août 2014 - 17:55:58
Dernière modification le : vendredi 11 août 2017 - 15:12:56
Document(s) archivé(s) le : jeudi 27 novembre 2014 - 01:36:39

Fichier

60330247.pdf
Fichiers produits par l'(les) auteur(s)

Licence

Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Collections

IFIP-LNCS | IFIP | IFIP-LNCS-6033 | IFIP-TC | IFIP-TC11 | IFIP-WISTP | IFIP-WG11-2

Citation

Luigi Catuogno, Clemente Galdi. On the Security of a Two-Factor Authentication Scheme. Pierangela Samarati; Michael Tunstall; Joachim Posegga; Konstantinos Markantonakis; Damien Sauveron. 4th IFIP WG 11.2 International Workshop on Information Security Theory and Practices: Security and Privacy of Pervasive Systems and Smart Devices (WISTP), Apr 2010, Passau, Germany. Springer, Lecture Notes in Computer Science, LNCS-6033, pp.245-252, 2010, Information Security Theory and Practices. Security and Privacy of Pervasive Systems and Smart Devices. 〈10.1007/978-3-642-12368-9_19〉. 〈hal-01056082〉

Exporter

BibTeX TEI DC DCterms EndNote

Partager

Métriques

Consultations de la notice

65

Téléchargements de fichiers

84

Contact


archive-ouverte@inria.fr