Skip to Main content Skip to Navigation
Conference papers

On the Security of a Two-Factor Authentication Scheme

Abstract : In this paper we evaluate the security of a two-factor Graphical Password scheme proposed in [1]. As in the original paper, we model the attack of a passive adversary as a boolean formula whose truth assignment corresponds to the user secret. We show that there exist a small number of secrets that a passive adversary cannot extract, independently from the amount information she manages to eavesdrop. We then experimentally evaluate the security of the scheme. Our tests show that the number of sessions the adversary needs to gather in order to be able to extract the users secret is relatively small. However, the amount of time needed to actually extract the user secret from the collected information grows exponentially in the system parameters, making the secret extraction unfeasible. Finally we observe that the graphical password scheme can be easily restated in as a device-device authentication mechanism.
Document type :
Conference papers
Complete list of metadata

Cited literature [6 references]  Display  Hide  Download
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Thursday, August 14, 2014 - 5:55:58 PM
Last modification on : Monday, October 19, 2020 - 8:02:03 PM
Long-term archiving on: : Thursday, November 27, 2014 - 1:36:39 AM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Luigi Catuogno, Clemente Galdi. On the Security of a Two-Factor Authentication Scheme. 4th IFIP WG 11.2 International Workshop on Information Security Theory and Practices: Security and Privacy of Pervasive Systems and Smart Devices (WISTP), Apr 2010, Passau, Germany. pp.245-252, ⟨10.1007/978-3-642-12368-9_19⟩. ⟨hal-01056082⟩



Record views


Files downloads