Add to ORKGClassical password/PIN-based authentication methods have proven to be vulnerable to a broad range of observation attacks (such as key-logging, video-recording or shoulder surfing attacks). In order to mitigate these attacks, a number of solutions have been proposed, most of them being cognitive authentication schemes (challenge-response protocols that require users to perform some kind of cognitive operations). In this paper we show successful passive side-channel timing attacks on two cognitive authentication schemes, a well-known Hopper-Blum (HB) protocol and a US patent Mod10 method, previously believed to be secure against observation attacks. As we show, the main security weakness of these methods comes from detectable variations in th...
There are several vulnerabilities in computing systems hardware that can be exploited by attackers t...
Pinkas and Sander's (2002) login protocol protects against online guessing attacks by employing huma...
When the running time of a cryptographic algorithm is non-constant, timing measurements can leak inf...
We present attacks against two cognitive authentication schemes [9] proposed at the 2006 IEEE Sympos...
Observation Resilient Authentication Schemes (ORAS) are a class of shared secret challenge–response ...
We present attacks against two cognitive authentication schemes [3] recently proposed at the 2006 I...
Classical PIN-entry methods are vulnerable to a broad class of observation attacks (shoulder surfing...
In this work, we argue that the usage of computationally intensive mathematical operations in passwo...
This paper proposes the first user-independent inter-keystroke timing attacks on PINs. Our attack me...
The objective is not protected the authentication process against the shoulder surfing attacker who ...
In this work we consider two protocols for performing cryptanalysis and security enhancement. The fi...
The intent of this paper is to propose an efficient timestamp-based password authentication scheme u...
The intent of this letter is to propose an efficient timestamp based password authentication scheme ...
The intent of this letter is to propose an efficient timestamp based password authentication scheme ...
Abstract. In this work we consider two protocols for performing crypt-analysis and security enhancem...
There are several vulnerabilities in computing systems hardware that can be exploited by attackers t...
Pinkas and Sander's (2002) login protocol protects against online guessing attacks by employing huma...
When the running time of a cryptographic algorithm is non-constant, timing measurements can leak inf...
We present attacks against two cognitive authentication schemes [9] proposed at the 2006 IEEE Sympos...
Observation Resilient Authentication Schemes (ORAS) are a class of shared secret challenge–response ...
We present attacks against two cognitive authentication schemes [3] recently proposed at the 2006 I...
Classical PIN-entry methods are vulnerable to a broad class of observation attacks (shoulder surfing...
In this work, we argue that the usage of computationally intensive mathematical operations in passwo...
This paper proposes the first user-independent inter-keystroke timing attacks on PINs. Our attack me...
The objective is not protected the authentication process against the shoulder surfing attacker who ...
In this work we consider two protocols for performing cryptanalysis and security enhancement. The fi...
The intent of this paper is to propose an efficient timestamp-based password authentication scheme u...
The intent of this letter is to propose an efficient timestamp based password authentication scheme ...
The intent of this letter is to propose an efficient timestamp based password authentication scheme ...
Abstract. In this work we consider two protocols for performing crypt-analysis and security enhancem...
There are several vulnerabilities in computing systems hardware that can be exploited by attackers t...
Pinkas and Sander's (2002) login protocol protects against online guessing attacks by employing huma...
When the running time of a cryptographic algorithm is non-constant, timing measurements can leak inf...
