Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Secure Human Identification Protocols
ASIACRYPT '01 Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Cognitive Authentication Schemes Safe Against Spyware (Short Paper)
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Cryptanalysis of a Cognitive Authentication Scheme (Extended Abstract)
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Undercover: authentication usable in front of prying eyes
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Compromising Reflections-or-How to Read LCD Monitors around the Corner
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
A step-by-step approach to using sas® for univariate & multivariate statistics, second edition
Usability of display-equipped RFID tags for security purposes
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Breaking undercover: exploiting design flaws and nonuniform human behavior
Proceedings of the Seventh Symposium on Usable Privacy and Security
Can Jannie verify? Usability of display-equipped RFID tags for security purposes
Journal of Computer Security - Research in Computer Security and Privacy: Emerging Trends
Secure login methods based on human cognitive skills can be classified into two categories based on information available to a passive attacker: (i) the attacker fully observes the entire input and output of a login procedure, (ii) the attacker only partially observes the input and output. Login methods secure in the fully observable model imply very long secrets and/or complex calculations. In this paper, we study three simple PIN-entry methods designed for the partially observable attacker model. A notable feature of the first method is that the user needs to perform a very simple mathematical operation, whereas, in the other two methods, the user performs a simple table lookup. Our usability study shows that all the methods have reasonably low login times and minimal error rates. These results, coupled with low-cost hardware requirements (only earphones), are a significant improvement over existing approaches for this model [9,10]. We also show that side-channel timing attacks present a real threat to the security of login schemes based on human cognitive skills.