Breaking randomized linear generation functions based virtual password system

IEEE International Conference on Communications

Volumn , Issue , 2010, Pages

  Li, Shujun ^a   Khayam, Syed Ali ^b   Sadeghi, Ahmad Reza ^c   Schmitz, Roland ^d  

^a UNIVERSITY OF KONSTANZ   (Germany)

^b NATIONAL UNIVERSITY OF SCIENCES AND TECHNOLOGY NUST   (Pakistan)

^c RUHR UNIVERSITY BOCHUM   (Germany)

^d STUTTGART MEDIA UNIVERSITY   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

AUTHENTICATION SYSTEMS; CHALLENGE RESPONSE PROTOCOLS; HIGH PROBABILITY; IDENTITY THEFT; PASSWORD SYSTEMS; PHISHING; SHOULDER SURFING; USER AUTHENTICATION; USER AUTHENTICATION SYSTEMS;

NETWORK PROTOCOLS; NETWORK SECURITY;

AUTHENTICATION;

EID: 77955388623     PISSN: 05361486     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICC.2010.5502416     Document Type: Conference Paper

References (37)

1. A. Menezes, P. van Oorschot, and S. Vanstone, Handbook of Applied Cryptography. CRC Press, 1996.
2. M. Jakobsson and S. Myers, Eds., Phishing and Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft. John Wiley & Sons, Inc., January 2007. [Online]. Available: http://phishing-and- countermeasures.com
3. J. Aycock, Computer Viruses and Malware. Springer, 2006.
4. Wikipedia, "Shoulder surfing (computer security)," http://en.wikipedia.org/wiki/Shoulder-surfing-(computer-security), 2009.
5. T. Matsumoto and H. Imai, "Human identification through insecure channel," in Advances in Cryptology - EUROCRYPT'91, ser. Lecture Notes in Computer Science, D. Davies, Ed., vol. 547. Berlin: Springer-Verlag, 1991, pp. 409-421.
6. S. Li and H.-Y. Shum, "Secure human-computer identification against peeping attacks (SecHCI): A survey," Technical report, 2003. [Online]. Available: http://www.hooklee.com/Papers/SecHCI.pdf
7. M. Lei, Y. Xiao, S. V. Vrbsky, C.-C. Li, and L. Liu, "A virtual password scheme to protect passwords," in Proceedings of IEEE International Conference on Communications (ICC'2008). IEEE, 2008, pp. 1536-1540.
8. M. Lei, Y. Xiao, S. V. Vrbsky, and C.-C. Li, "Virtual password using random linear functions for on-line services, ATM machines, and pervasive computing," Computer Communications, vol. 31, no. 18, pp. 4367-4375, 2008.
9. Y. Xiao, C.-C. Li, M. Lei, and S. V. Vrbsky, "Secret little functions and codebook for protecting users from password theft," in Proceedings of IEEE International Conference on Communications (ICC'2008). IEEE, 2008, pp. 1525-1529.
10. J. A. Haskett, "Pass-algorithms: A user validation scheme based on knowledge of secret algorithms," Communications of the ACM, vol. 27, no. 8, pp. 777-781, 1984.
11. M. Szydlowski, C. Kruegel, and E. Kirda, "Secure input for web applications," in Proceedings of 23rd Annual Computer Security Applications Conference (ACSAC'2007), 2007, pp. 375-384.
12. B. Coskun and C. Herley, "Can 'something you know' be saved?" in Information Security (Proceedings of ISC 2008), ser. Lecture Notes in Computer Science, T.-C. Wu, Ed., vol. 5222. Berlin / Heidelberg: Springer, 2008, pp. 421-440.
13. S. Li and H.-Y. Shum, "Secure human-computer identification (interface) systems against peeping attacks: SecHCI," IACR's Cryptology ePrint Archive: Report 2005/268, http://eprint.iacr.org/2005/268, August 2005. [Online]. Available: http://www.hooklee.com/Papers/SecHCI-Survey.pdf
14. X.-Y. Li and S.-H. Teng, "Practical human-machine identification over insecure channels," Journal of Combinatorial Optimization, vol. 3, no. 4, pp. 347-361, 1999.
15. D. Weinshall, "Cognitive authentication schemes safe against spyware (short paper)," in Proceedings of IEEE Symposium on Security and Privacy (S&P'2006). IEEE Computer Society, 2006, pp. 295-300.
16. S. Wiedenbeck, J. Waters, L. Sobrado, and J.-C. Birget, "Design and evaluation of a shoulder-surfing resistant graphical password scheme," in Proceedings of Working Conference on Advanced Visual Interfaces (AVI'2006). Venezia, Italy: ACM, 2006, pp. 177-184.
17. H. Zhao and X. Li, "S3PAS: A scalable shoulder-surfing resistant textual-graphical password authentication scheme," in Proceedings of 21st International Conference on Advanced Information Networking and Applications Workshops (AINAW'2007), vol. 2. IEEE Computer Society, 2007, pp. 467-472.
18. H. Jameel, R. Shaikh, H. Lee, and S. Lee, "Human identification through image evaluation using secret predicates," in Topics in Cryptology - CTRSA 2007, ser. Lecture Notes in Computer Science, vol. 4377. Berlin / Heidelberg: Springer, 2007, pp. 67-84.
19. H. Jameel, R. Shaikh, L. Hung, Y. Wei, S. Raazi, N. Canh, S. Lee, H. Lee, Y. Son, and M. Fernandes, "Image-feature based human identification protocols on limited display devices," in Information Security Applications (Revised Selected Papers of WISA 2008), ser. Lecture Notes in Computer Science, vol. 5379. Berlin / Heidelberg: Springer, 2009, pp. 211-224.
20. H. Sasamoto, N. Christin, and E. Hayashi, "Undercover: Authentication usable in front of prying eyes," in Proceeding of 26th Annual SIGCHI Conference on Human Factors in Computing Systems (CHI'2008). ACM, 2008, pp. 183-192.
21. X. Bai, W. Gu, S. Chellappan, X. Wang, D. Xuan, and B. Ma, "PAS: predicate-based authentication services against powerful passive adversaries," in Proceedings of Annual Computer Security Applications Conference (ACSAC'2008). IEEE Computer Society, 2008, pp. 433-442.
22. K. Dunham, Mobile Malware Attacks and Defense. Syngress Publishing, Inc., 2008.
23. T. Matsumoto, "Human-computer cryptography: An attempt," in Proceedings of 3rd ACM Conference on Computer and Communications Security (CCS'96). ACM, 1996, pp. 68-75.
24. C.-H. Wang, T. Hwang, and J.-J. Tsai, "On the Matsumoto and Imai's human identification scheme," in Advances in Cryptology - EUROCRYPT' 95, ser. Lecture Notes in Computer Science, vol. 921. Berlin / Heidelberg: Springer, 1995, pp. 382-392.
25. P. Golle and D. Wagner, "Cryptanalysis of a cognitive authentication scheme (extended abstract)," in Proceedings of IEEE Symposium on Security and Privacy (S&P'2007). IEEE Computer Society, 2007, pp. 66-70.
26. S. Li, H. J. Asghar, J. Pieprzyk, A.-R. Sadeghi, R. Schmitz, and H.Wang, "On the security of PAS (predicate-based authentication service)," in Proceedings of 25th Annual Computer Security Applications Conference (ACSAC'2009). IEEE Computer Society, 2009, pp. 209-218.
27. N. J. Hopper and M. Blum, "Secure human identification protocols," in Advances in Cryptology - ASIACRYPT 2001, ser. Lecture Notes in Computer Science, C. Boyd, Ed., vol. 2248. Springer-Verlag, Berlin, 2001, pp. 52-66.
28. R. Dhamija and A. Perrig, "Déjà Vu: A user study using images for authentication," in Proceedings of 9th USENIX Security Symposium. USENIX Association, 2000, pp. 45-58.
29. V. Roth, K. Richter, and R. Freidinger, "A PIN-entry method resilient against shoulder surfing," in Proceedings of 11th ACM Conference on Computer and Communications Security (CCS'2004). ACM, 2004, pp. 236-245.
30. Z. Li, Q. Sun, Y. Lian, and D. D. Giusto, "An association-based graphical password design resistant to shoulder-surfing attack," in Proceedings of the 2005 IEEE International Conference on Multimedia and Expo (ICME'2005). IEEE, 2005, pp. 245-248.
31. F. Tari, A. A. Ozok, and S. H. Holden, "A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords," in Proceedings of 2nd Symposium on Usable Privacy and Security (SOUPS'2006). Pittsburgh, Pennsylvania: ACM, 2006, pp. 56-66.
32. A. Harada, T. Isarida, T. Mizuno, and M. Nishigaki, "A user authentication system using schema of visual memory," in Biologically Inspired Approaches to Advanced Information Technology (Proceedings of BioADIT 2006), ser. Lecture Notes in Computer Science, A. J. Ijspeert, T. Masuzawa, and S. Kusumoto, Eds., vol. 3853. Berlin / Heidelberg: Springer, 2006, pp. 338-345.
33. D. Lin, P. Dunphy, P. Olivier, and J. Yan, "Graphical passwords & qualitative spatial relations," in Proceedings of 3rd Symposium on Usable Privacy and Security (SOUPS'2007). Pittsburgh, Pennsylvania: ACM, 2007, pp. 161-162.
34. E. Hayashi, R. Dhamija, N. Christin, and A. Perrig, "Use Your Illusion: Secure authentication usable anywhere," in Proceedings of 4th Symposium on Usable Privacy and Security (SOUPS'2008). Pittsburgh, Pennsylvania: ACM, 2008, pp. 35-45.
35. A. D. Luca and B. Frauendienst, "A privacy-respectful input method for public terminals," in Proceedings of 5th Nordic Conference on Human-Computer Interaction: Building Bridges (NordiCHI'2008). Lund, Sweden: ACM, 2008, pp. 455-458.
36. M. Hasegawa, N. Christin, and E. Hayashi, "New directions in multisensory authentication," in Adjunct Proceedings of the 7th International Conference on Pervasive Computing (Pervasive'2009). ACM, 2009, pp. 103-106.
37. A. D. Luca, E. von Zezschwitz, and H. Hußmann, "VibraPass - secure authentication based on shared lies," in Proceedings of 27th International Conference on Human Factors in Computing Systems (CHI'2009). ACM, 2009, pp. 913-916.