A second look at the usability of click-based graphical passwords
Proceedings of the 3rd symposium on Usable privacy and security
Undercover: authentication usable in front of prying eyes
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Use Your Illusion: secure authentication usable anywhere
Proceedings of the 4th symposium on Usable privacy and security
One-Time Password Access to Any Server without Changing the Server
ISC '08 Proceedings of the 11th international conference on Information Security
Can "Something You Know" Be Saved?
ISC '08 Proceedings of the 11th international conference on Information Security
Machine learning attacks against the Asirra CAPTCHA
Proceedings of the 15th ACM conference on Computer and communications security
SSSL: shoulder surfing safe login
SoftCOM'09 Proceedings of the 17th international conference on Software, Telecommunications and Computer Networks
A graphical PIN authentication mechanism with applications to smart cards and low-cost devices
WISTP'08 Proceedings of the 2nd IFIP WG 11.2 international conference on Information security theory and practices: smart devices, convergence and next generation networks
A closer look at recognition-based graphical passwords on mobile devices
Proceedings of the Sixth Symposium on Usable Privacy and Security
Authentication technologies for the blind or visually impaired
HotSec'09 Proceedings of the 4th USENIX conference on Hot topics in security
Cryptanalysis of the convex hull click human identification protocol
ISC'10 Proceedings of the 13th international conference on Information security
Breaking undercover: exploiting design flaws and nonuniform human behavior
Proceedings of the Seventh Symposium on Usable Privacy and Security
Shoulder surfing defence for recall-based graphical passwords
Proceedings of the Seventh Symposium on Usable Privacy and Security
Shoulder-Surfing safe login in a partially observable attacker model
FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security
On the security of a two-factor authentication scheme
WISTP'10 Proceedings of the 4th IFIP WG 11.2 international conference on Information Security Theory and Practices: security and Privacy of Pervasive Systems and Smart Devices
Graphical passwords: Learning from the first twelve years
ACM Computing Surveys (CSUR)
Quantifying the security of graphical passwords: the case of android unlock patterns
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
WebCallerID: Leveraging cellular networks for Web authentication
Journal of Computer Security
| Hi-index | 0.00 |
We present attacks against two cognitive authentication schemes [9] proposed at the 2006 IEEE Symposium on Security and Privacy. These authentication schemes are designed to be secure against eavesdropping attacks while relying only on human cognitive skills. They achieve authentication via challenge response protocols based on a shared secret set of pictures. Our attacks use a SAT solver to recover a user's secret key in a few seconds, after observing only a small number of successful logins. These attacks demonstrate that the authentication schemes of [9] are not secure against an eavesdropping adversary.