|2/2016 - 10|
Optimizing Decision Tree Attack on CAS SchemePERKOVIC, T. , BUGARIC, M. , CAGALJ, M.
|Click to see author's profile in SCOPUS, IEEE Xplore, Web of Science|
|Download PDF (1,372 KB) | Citation | Downloads: 311 | Views: 1,821|
AC voltage regulator, buck-boost converter, PWM, THD
security(15), human(10), authentication(10), systems(6), surfing(6), entry(6), secure(5), privacy(5), computing(5), attacks(5)
No common words between the references section and the paper title.
About this article
Date of Publication: 2016-05-31
Volume 16, Issue 2, Year 2016, On page(s): 69 - 74
ISSN: 1582-7445, e-ISSN: 1844-7600
Digital Object Identifier: 10.4316/AECE.2016.02010
Web of Science Accession Number: 000376996100010
SCOPUS ID: 84974806863
In this paper we show a successful side-channel timing attack on a well-known high-complexity cognitive authentication (CAS) scheme. We exploit the weakness of CAS scheme that comes from the asymmetry of the virtual interface and graphical layout which results in nonuniform human behavior during the login procedure, leading to detectable variations in user's response times. We optimized a well-known probabilistic decision tree attack on CAS scheme by introducing this timing information into the attack. We show that the developed classifier could be used to significantly reduce the number of login sessions required to break the CAS scheme.
|References|||||Cited By «-- Click to see who has cited this paper|
| F. Tari, A. A. Ozok, and S. H. Holden, "A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords," in Proc. Symposium on Usable Privacy and Security, ser. SOUPS. ACM, 2006, pp. 56-66 |
[CrossRef] [SCOPUS Times Cited 122]
 M. Backes, M. Durmuth, and D. Unruh, "Compromising reflections-or-how to read LCD monitors around the corner," in IEEE Symposium on Security and Privacy, 2008, pp. 158-169.
[CrossRef] [Web of Science Times Cited 27] [SCOPUS Times Cited 56]
 M. Cagalj, T. Perkovic, M. Bugaric, "Timing attacks on cognitive authentication schemes," in IEEE Transactions on Information Forensics and Security, Vol. 10(3), pp. 584 - 596, 2015.
[CrossRef] [Web of Science Times Cited 10] [SCOPUS Times Cited 13]
 L. Zhuang, F. Zhou, and J. D. Tygar, "Keyboard acoustic emanations revisited," in CCS: Proc. ACM Conf. Computer and Communications Security, 2005.
[CrossRef] [SCOPUS Times Cited 88]
 T. Perkovic, S. Li, A. Mumtaz, S. A. Khayam, Y. Javed, and M. Cagalj, "Breaking Undercover: exploiting design flaws and nonuniform human behavior," in SOUPS - Symposium On Usable Privacy and Security, 2011, p. 15.
[CrossRef] [SCOPUS Times Cited 8]
 D. Weinshall, "Cognitive authentication schemes safe against spyware (short paper)," in Proc. IEEE Symposium on Security and Privacy, ser. SP, 2006, pp. 295-300.
 P. Golle and D. Wagner, "Cryptanalysis of a cognitive authentication scheme (extended abstract)," in Proc. IEEE Symposium on Security and Privacy, ser. S&P, 2007, pp. 66-70.
[CrossRef] [Web of Science Times Cited 28] [SCOPUS Times Cited 54]
 Q. Yan, J. Han, Y. LI, and R. Deng, H., "On limitations of designing usable leakage-resilient password systems: attacks, principles and usability," in Network & Distributed System Security Symposium (NDSS), Distinguisged Paper Award, 2012.
 V. Roth, K. Richter, and R. Freidinger, "A PIN-entry method resilient against shoulder surfing," in Proc. ACM Conf. Computer and Communications Security, ser. CCS. ACM, 2004, pp. 236-245.
[CrossRef] [SCOPUS Times Cited 178]
 M.-K. Lee, "Security notions and advanced method for human shoulder-surfing resistant PIN-entry," in IEEE Trans. Inf. Forensics and Security, vol. 9, no. 4, 2014.
[CrossRef] [Web of Science Times Cited 29] [SCOPUS Times Cited 43]
 A. D. Luca, K. Hertzschuch, and H. Hussmann, "ColorPIN: securing PIN entry through indirect input." in CHI. ACM, 2010.
 E. Zezschwitz, A. D. Luca, B. Brunkow and H. Hussmann, "SwiPIN: fast and secure PIN-entry on smartphones," in ACM Proceedings of the Conference on Human Factors in Computing Systems, CHI. pp. 1403-1406, 2015.
[CrossRef] [Web of Science Times Cited 22] [SCOPUS Times Cited 40]
 T. Kwon and J. Hong, "Analysis and improvement of a PIN-entry method resilient to shoulder-surfing and recording attacks", in IEEE Trans. Inf. Forensics and Security, vol. 10, no. 2, pp. 278-292, 2015.
[CrossRef] [Web of Science Times Cited 13] [SCOPUS Times Cited 23]
 A. Bianchi, I. Oakley, and D. S. Kwon, "The secure haptic keypad: a tactile password system," in Proc. SIGCHI Conf. Human Factors in Computing Systems, ser. CHI. ACM, 2010, pp. 1089-1092.
[CrossRef] [SCOPUS Times Cited 46]
 A. Bianchi, I. Oakley, and D.-S. Kwon, "Counting clicks and beeps: exploring numerosity based haptic and audio PIN entry." Interacting with Computers, vol. 24, no. 5, pp. 409-422, 2012.
[CrossRef] [Web of Science Times Cited 22] [SCOPUS Times Cited 36]
 A. Bianchi, "Spinlock: a single-cue haptic and audio PIN input technique for authentication." in Haptic and Audio Interaction Design, vol. 6851. Springer, 2011, pp. 81-90.
[CrossRef] [SCOPUS Times Cited 25]
 N. Hopper and M. Blum, "Secure human identification protocols," in Proc. Int. Conf. on the Theory and Application of Cryptology and Information Security: Advances in Cryptology, ser. ASIACRYPT, 2001.
[CrossRef] [SCOPUS Times Cited 348]
 S. Li and H.-Y. Shum, "Secure human-computer identification (interface) systems against peeping attacks: SecHCI. Cryptology ePrint Archive, Report 2005/268," 2005.
 H. J. Asghar, J. Pieprzyk, and H. Wang, "A new human identification protocol and coppersmith's baby-step giant-step algorithm." in Applied Cryptography and Network Security. Springer, 2010.
[CrossRef] [SCOPUS Times Cited 15]
 S. Wiedenbeck, J. Waters, L. Sobrado, and J.-C. Birget, "Design and evaluation of a shoulder-surfing resistant graphical password scheme," in Proc. Working Conf. Advanced Visual Interfaces, ser. AVI '06. ACM, 2006, pp. 177-184.
[CrossRef] [SCOPUS Times Cited 222]
 H. Zhao and X. Li, "S3PAS: A scalable shoulder-surfing resistant textual-graphical password authentication scheme," in Proc. Int. Conf. Advanced Information Networking and Applications Workshops - Volume 02, ser. AINAW, 2007.
[CrossRef] [SCOPUS Times Cited 95]
 R. Kuber and W. Yu, "Authentication using tactile feedback," in Interactive Experiences, HCI, London, UK, 2006.
 H. Sasamoto, N. Christin, and E. Hayashi, "Undercover: authentication usable in front of prying eyes," in Proc. Conf. Human Factors in Computing Systems, ser. CHI 08, 2008.
[CrossRef] [SCOPUS Times Cited 65]
 A. De Luca, E. von Zezschwitz, and H. Hussmann, "VibraPass: secure authentication based on shared lies," in Proc. SIGCHI Conf. Human Factors in Computing Systems, ser. CHI. ACM, 2009, pp. 913-916.
[CrossRef] [SCOPUS Times Cited 66]
 M. Hasegawa, N. Christin, and E. Hayashi, "New directions in multisensory authentication," in Proc. Int. Conf. Pervasive Computing (Pervasive), 2009.
 H. J. Asghar, R. Steinfeld, S. Li, M. Ali Kaafar and J. Pieprzyk, "On the linearization of human identification protocols: attacks based on linear algebra, coding theory and lattices," in IEEE Transactions on Information Forensics and Security, Vol. 10, no. 8, pp. 1643-1655, 2015.
[CrossRef] [Web of Science Times Cited 4] [SCOPUS Times Cited 6]
 L. Catuogno and C. Galdi, "A graphical PIN authentication mechanism with applications to smart cards and low-cost devices," in WISTP, Lecture Notes in Computer Science, 2008.
[CrossRef] [SCOPUS Times Cited 11]
 R. Whelan, "Effective analysis of reaction time data," The Psychological Record, vol. 58, pp. 475-482, 2008.
Web of Science® Citations for all references: 155 TCR
SCOPUS® Citations for all references: 1,560 TCR
Web of Science® Average Citations per reference: 5 ACR
SCOPUS® Average Citations per reference: 54 ACR
TCR = Total Citations for References / ACR = Average Citations per Reference
We introduced in 2010 - for the first time in scientific publishing, the term "References Weight", as a quantitative indication of the quality ... Read more
Citations for references updated on 2020-05-26 17:58 in 156 seconds.
Note1: Web of Science® is a registered trademark of Clarivate Analytics.
Note2: SCOPUS® is a registered trademark of Elsevier B.V.
Disclaimer: All queries to the respective databases were made by using the DOI record of every reference (where available). Due to technical problems beyond our control, the information is not always accurate. Please use the CrossRef link to visit the respective publisher site.
Faculty of Electrical Engineering and Computer Science
Stefan cel Mare University of Suceava, Romania
All rights reserved: Advances in Electrical and Computer Engineering is a registered trademark of the Stefan cel Mare University of Suceava. No part of this publication may be reproduced, stored in a retrieval system, photocopied, recorded or archived, without the written permission from the Editor. When authors submit their papers for publication, they agree that the copyright for their article be transferred to the Faculty of Electrical Engineering and Computer Science, Stefan cel Mare University of Suceava, Romania, if and only if the articles are accepted for publication. The copyright covers the exclusive rights to reproduce and distribute the article, including reprints and translations.
Permission for other use: The copyright owner's consent does not extend to copying for general distribution, for promotion, for creating new works, or for resale. Specific written permission must be obtained from the Editor for such copying. Direct linking to files hosted on this website is strictly prohibited.
Disclaimer: Whilst every effort is made by the publishers and editorial board to see that no inaccurate or misleading data, opinions or statements appear in this journal, they wish to make it clear that all information and opinions formulated in the articles, as well as linguistic accuracy, are the sole responsibility of the author.