Graphical passwords are a promising research branch, but implementation of many proposed schemes often requires considerable resources (e.g., data storage, high quality displays) making difficult their usage on small devices, such as old-fashioned ATM terminals. Furthermore, most of the time, such schemes lack a careful security analysis. In this paper, we analyze the security and usability for an authentication mechanism that can be instantiated as a graphical password scheme. We model the information an adversary might extract by analyzing the transcripts of authentication sessions as a boolean formula. Our experiments show that the time needed by a passive adversary to extract the user secret in the last presented protocol grows exponentially in the system parameter, giving evidence of the security of the proposed scheme.
Analysis of a two-factor graphical password scheme
CATUOGNO, Luigi;
2014-01-01
Abstract
Graphical passwords are a promising research branch, but implementation of many proposed schemes often requires considerable resources (e.g., data storage, high quality displays) making difficult their usage on small devices, such as old-fashioned ATM terminals. Furthermore, most of the time, such schemes lack a careful security analysis. In this paper, we analyze the security and usability for an authentication mechanism that can be instantiated as a graphical password scheme. We model the information an adversary might extract by analyzing the transcripts of authentication sessions as a boolean formula. Our experiments show that the time needed by a passive adversary to extract the user secret in the last presented protocol grows exponentially in the system parameter, giving evidence of the security of the proposed scheme.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
