2/2016 - 10 |
Optimizing Decision Tree Attack on CAS SchemePERKOVIC, T. , BUGARIC, M. , CAGALJ, M. |
Extra paper information in |
Click to see author's profile in SCOPUS, IEEE Xplore, Web of Science |
Download PDF (1,372 KB) | Citation | Downloads: 997 | Views: 3,210 |
Author keywords
AC voltage regulator, buck-boost converter, PWM, THD
References keywords
security(15), human(10), authentication(10), systems(6), surfing(6), entry(6), secure(5), privacy(5), computing(5), attacks(5)
No common words between the references section and the paper title.
About this article
Date of Publication: 2016-05-31
Volume 16, Issue 2, Year 2016, On page(s): 69 - 74
ISSN: 1582-7445, e-ISSN: 1844-7600
Digital Object Identifier: 10.4316/AECE.2016.02010
Web of Science Accession Number: 000376996100010
SCOPUS ID: 84974806863
Abstract
In this paper we show a successful side-channel timing attack on a well-known high-complexity cognitive authentication (CAS) scheme. We exploit the weakness of CAS scheme that comes from the asymmetry of the virtual interface and graphical layout which results in nonuniform human behavior during the login procedure, leading to detectable variations in user's response times. We optimized a well-known probabilistic decision tree attack on CAS scheme by introducing this timing information into the attack. We show that the developed classifier could be used to significantly reduce the number of login sessions required to break the CAS scheme. |
References | | | Cited By «-- Click to see who has cited this paper |
[1] F. Tari, A. A. Ozok, and S. H. Holden, "A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords," in Proc. Symposium on Usable Privacy and Security, ser. SOUPS. ACM, 2006, pp. 56-66 [CrossRef] [SCOPUS Times Cited 173] [2] M. Backes, M. Durmuth, and D. Unruh, "Compromising reflections-or-how to read LCD monitors around the corner," in IEEE Symposium on Security and Privacy, 2008, pp. 158-169. [CrossRef] [Web of Science Times Cited 54] [SCOPUS Times Cited 87] [3] M. Cagalj, T. Perkovic, M. Bugaric, "Timing attacks on cognitive authentication schemes," in IEEE Transactions on Information Forensics and Security, Vol. 10(3), pp. 584 - 596, 2015. [CrossRef] [Web of Science Times Cited 16] [SCOPUS Times Cited 20] [4] L. Zhuang, F. Zhou, and J. D. Tygar, "Keyboard acoustic emanations revisited," in CCS: Proc. ACM Conf. Computer and Communications Security, 2005. [CrossRef] [SCOPUS Times Cited 116] [5] T. Perkovic, S. Li, A. Mumtaz, S. A. Khayam, Y. Javed, and M. Cagalj, "Breaking Undercover: exploiting design flaws and nonuniform human behavior," in SOUPS - Symposium On Usable Privacy and Security, 2011, p. 15. [CrossRef] [SCOPUS Times Cited 12] [6] D. Weinshall, "Cognitive authentication schemes safe against spyware (short paper)," in Proc. IEEE Symposium on Security and Privacy, ser. SP, 2006, pp. 295-300. [7] P. Golle and D. Wagner, "Cryptanalysis of a cognitive authentication scheme (extended abstract)," in Proc. IEEE Symposium on Security and Privacy, ser. S&P, 2007, pp. 66-70. [CrossRef] [Web of Science Times Cited 33] [SCOPUS Times Cited 58] [8] Q. Yan, J. Han, Y. LI, and R. Deng, H., "On limitations of designing usable leakage-resilient password systems: attacks, principles and usability," in Network & Distributed System Security Symposium (NDSS), Distinguisged Paper Award, 2012. [9] V. Roth, K. Richter, and R. Freidinger, "A PIN-entry method resilient against shoulder surfing," in Proc. ACM Conf. Computer and Communications Security, ser. CCS. ACM, 2004, pp. 236-245. [CrossRef] [SCOPUS Times Cited 232] [10] M.-K. Lee, "Security notions and advanced method for human shoulder-surfing resistant PIN-entry," in IEEE Trans. Inf. Forensics and Security, vol. 9, no. 4, 2014. [CrossRef] [Web of Science Times Cited 49] [SCOPUS Times Cited 65] [11] A. D. Luca, K. Hertzschuch, and H. Hussmann, "ColorPIN: securing PIN entry through indirect input." in CHI. ACM, 2010. [12] E. Zezschwitz, A. D. Luca, B. Brunkow and H. Hussmann, "SwiPIN: fast and secure PIN-entry on smartphones," in ACM Proceedings of the Conference on Human Factors in Computing Systems, CHI. pp. 1403-1406, 2015. [CrossRef] [Web of Science Times Cited 67] [SCOPUS Times Cited 86] [13] T. Kwon and J. Hong, "Analysis and improvement of a PIN-entry method resilient to shoulder-surfing and recording attacks", in IEEE Trans. Inf. Forensics and Security, vol. 10, no. 2, pp. 278-292, 2015. [CrossRef] [Web of Science Times Cited 30] [SCOPUS Times Cited 41] [14] A. Bianchi, I. Oakley, and D. S. Kwon, "The secure haptic keypad: a tactile password system," in Proc. SIGCHI Conf. Human Factors in Computing Systems, ser. CHI. ACM, 2010, pp. 1089-1092. [CrossRef] [SCOPUS Times Cited 59] [15] A. Bianchi, I. Oakley, and D.-S. Kwon, "Counting clicks and beeps: exploring numerosity based haptic and audio PIN entry." Interacting with Computers, vol. 24, no. 5, pp. 409-422, 2012. [CrossRef] [Web of Science Times Cited 37] [SCOPUS Times Cited 51] [16] A. Bianchi, "Spinlock: a single-cue haptic and audio PIN input technique for authentication." in Haptic and Audio Interaction Design, vol. 6851. Springer, 2011, pp. 81-90. [CrossRef] [SCOPUS Times Cited 36] [17] N. Hopper and M. Blum, "Secure human identification protocols," in Proc. Int. Conf. on the Theory and Application of Cryptology and Information Security: Advances in Cryptology, ser. ASIACRYPT, 2001. [CrossRef] [SCOPUS Times Cited 411] [18] S. Li and H.-Y. Shum, "Secure human-computer identification (interface) systems against peeping attacks: SecHCI. Cryptology ePrint Archive, Report 2005/268," 2005. [19] H. J. Asghar, J. Pieprzyk, and H. Wang, "A new human identification protocol and coppersmith's baby-step giant-step algorithm." in Applied Cryptography and Network Security. Springer, 2010. [CrossRef] [SCOPUS Times Cited 22] [20] S. Wiedenbeck, J. Waters, L. Sobrado, and J.-C. Birget, "Design and evaluation of a shoulder-surfing resistant graphical password scheme," in Proc. Working Conf. Advanced Visual Interfaces, ser. AVI '06. ACM, 2006, pp. 177-184. [CrossRef] [SCOPUS Times Cited 287] [21] H. Zhao and X. Li, "S3PAS: A scalable shoulder-surfing resistant textual-graphical password authentication scheme," in Proc. Int. Conf. Advanced Information Networking and Applications Workshops - Volume 02, ser. AINAW, 2007. [CrossRef] [SCOPUS Times Cited 120] [22] R. Kuber and W. Yu, "Authentication using tactile feedback," in Interactive Experiences, HCI, London, UK, 2006. [23] H. Sasamoto, N. Christin, and E. Hayashi, "Undercover: authentication usable in front of prying eyes," in Proc. Conf. Human Factors in Computing Systems, ser. CHI '08, 2008. [CrossRef] [SCOPUS Times Cited 80] [24] A. De Luca, E. von Zezschwitz, and H. Hussmann, "VibraPass: secure authentication based on shared lies," in Proc. SIGCHI Conf. Human Factors in Computing Systems, ser. CHI. ACM, 2009, pp. 913-916. [CrossRef] [SCOPUS Times Cited 87] [25] M. Hasegawa, N. Christin, and E. Hayashi, "New directions in multisensory authentication," in Proc. Int. Conf. Pervasive Computing (Pervasive), 2009. [CrossRef] [26] H. J. Asghar, R. Steinfeld, S. Li, M. Ali Kaafar and J. Pieprzyk, "On the linearization of human identification protocols: attacks based on linear algebra, coding theory and lattices," in IEEE Transactions on Information Forensics and Security, Vol. 10, no. 8, pp. 1643-1655, 2015. [CrossRef] [Web of Science Times Cited 8] [SCOPUS Times Cited 11] [27] L. Catuogno and C. Galdi, "A graphical PIN authentication mechanism with applications to smart cards and low-cost devices," in WISTP, Lecture Notes in Computer Science, 2008. [CrossRef] [SCOPUS Times Cited 13] [28] R. Whelan, "Effective analysis of reaction time data," The Psychological Record, vol. 58, pp. 475-482, 2008. Web of Science® Citations for all references: 294 TCR SCOPUS® Citations for all references: 2,067 TCR Web of Science® Average Citations per reference: 10 ACR SCOPUS® Average Citations per reference: 71 ACR TCR = Total Citations for References / ACR = Average Citations per Reference We introduced in 2010 - for the first time in scientific publishing, the term "References Weight", as a quantitative indication of the quality ... Read more Citations for references updated on 2024-11-21 22:34 in 151 seconds. Note1: Web of Science® is a registered trademark of Clarivate Analytics. Note2: SCOPUS® is a registered trademark of Elsevier B.V. Disclaimer: All queries to the respective databases were made by using the DOI record of every reference (where available). Due to technical problems beyond our control, the information is not always accurate. Please use the CrossRef link to visit the respective publisher site. |
Faculty of Electrical Engineering and Computer Science
Stefan cel Mare University of Suceava, Romania
All rights reserved: Advances in Electrical and Computer Engineering is a registered trademark of the Stefan cel Mare University of Suceava. No part of this publication may be reproduced, stored in a retrieval system, photocopied, recorded or archived, without the written permission from the Editor. When authors submit their papers for publication, they agree that the copyright for their article be transferred to the Faculty of Electrical Engineering and Computer Science, Stefan cel Mare University of Suceava, Romania, if and only if the articles are accepted for publication. The copyright covers the exclusive rights to reproduce and distribute the article, including reprints and translations.
Permission for other use: The copyright owner's consent does not extend to copying for general distribution, for promotion, for creating new works, or for resale. Specific written permission must be obtained from the Editor for such copying. Direct linking to files hosted on this website is strictly prohibited.
Disclaimer: Whilst every effort is made by the publishers and editorial board to see that no inaccurate or misleading data, opinions or statements appear in this journal, they wish to make it clear that all information and opinions formulated in the articles, as well as linguistic accuracy, are the sole responsibility of the author.