
Authors: Hélène Le Bouder 1 ; Gaël Thomas 2 ; Edwin Bourget 1 ; Mariem Graa 1 ; Nora Cuppens 1 and Jean-Louis Lanet 3

Affiliations: 1 IMT-Atlantique SRCD, Cesson-Sévigné, France ; 2 DGA Maitrise de l’Information, Bruz, France ; 3 High Security Laboratory - INRIA, Rennes, France

Keyword(s): PIN Code, Human Semantic Authentication Protocol, Graphical Password, Shoulder Surfing Attack, Dynamic Password, Authentication.

Related Ontology Subjects/Areas/Topics: Identification, Authentication and Non-Repudiation ; Information and Systems Security ; Security and Privacy in Mobile Systems ; Security Protocols ; Software Security

Abstract: Using a secret password or a PIN (Personal Identification Number) code is a common way to authenticate a user. Unfortunately this protection does not resist an attacker that can eavesdrop on the user (shoulder surfing attack). The Human Semantic Authentication (HSA) protocol proposes a solution against this attack. The main idea is to have concept passwords and to propose images that the user must correctly select in order to authenticate. A concept can be represented by different pictures, so one observation is not enough to retrieve the secret. In this paper, the security/efficiency trade-off in the HSA protocol is evaluated. A probabilistic approach is used. Under the assumption that the picture/concept database is known to the attacker, we show that HSA is barely more resistant to shoulder surfing attacks than a PIN code. More precisely we show that the probability to retrieve the secret concept password increases rapidly with the number of observations. Moreover the constraints on the size of the picture/concept database are very difficult to satisfy in practice.

CC BY-NC-ND 4.0


Paper citation in several formats:
Le Bouder, H.; Thomas, G.; Bourget, E.; Graa, M.; Cuppens, N. and Lanet, J. (2018). Theoretical Security Evaluation of the Human Semantic Authentication Protocol. In Proceedings of the 15th International Joint Conference on e-Business and Telecommunications - SECRYPT; ISBN 978-989-758-319-3; ISSN 2184-3236, SciTePress, pages 332-339. DOI: 10.5220/0006841704980505

@conference{secrypt18,
author={Hélène {Le Bouder} and Gaël Thomas and Edwin Bourget and Mariem Graa and Nora Cuppens and Jean{-}Louis Lanet},
title={Theoretical Security Evaluation of the Human Semantic Authentication Protocol},
booktitle={Proceedings of the 15th International Joint Conference on e-Business and Telecommunications - SECRYPT},
year={2018},
pages={332-339},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006841704980505},
isbn={978-989-758-319-3},
issn={2184-3236},
}

TY - CONF

JO - Proceedings of the 15th International Joint Conference on e-Business and Telecommunications - SECRYPT
TI - Theoretical Security Evaluation of the Human Semantic Authentication Protocol
SN - 978-989-758-319-3
IS - 2184-3236
AU - Le Bouder, H.
AU - Thomas, G.
AU - Bourget, E.
AU - Graa, M.
AU - Cuppens, N.
AU - Lanet, J.
PY - 2018
SP - 332
EP - 339
DO - 10.5220/0006841704980505
PB - SciTePress