Sciweavers

HICSS
2009
IEEE

A Theoretical Framework for Assessing Eavesdropping-Resistant Authentication Interfaces

14 years 6 months ago
A Theoretical Framework for Assessing Eavesdropping-Resistant Authentication Interfaces
A simple theoretical framework is developed to evaluate the security and usability of eavesdroppingresistant authentication schemes. Such schemes strive to allow users to authenticate without disclosing the user’s credentials to an eavesdropper, while using only standard computer hardware (monitor, keyboard and mouse). We find that schemes based on shared secrets and standard computer hardware are unable to deliver real security advantages. For all the schemes reported to date, an attacker can collect all the needed information within ten observations of successful authentications. Shared secret schemes can provide security only if the space of possible shared secrets is extensive enough to prevent an exhaustive search. In turn, this complexity of the shared secrets space is already limited by usability considerations, and cannot be increased further. Thus, for truly user-friendly interfaces resistant to eavesdropping attacks, shared secrets must be combined with other authentication...
Bogdan Hoanca, Kenrick J. Mock
Added 19 May 2010
Updated 19 May 2010
Type Conference
Year 2009
Where HICSS
Authors Bogdan Hoanca, Kenrick J. Mock
Comments (0)