Authors: Hélène Le Bouder 1 ; Gaël Thomas 2 ; Edwin Bourget 1 ; Mariem Graa 1 ; Nora Cuppens 1 and Jean-Louis Lanet 3

Affiliations: 1 IMT-Atlantique SRCD, Cesson-Sévigné, France ; 2 DGA Maitrise de l’Information, Bruz, France ; 3 High Security Laboratory - INRIA, Rennes, France

ISBN: 978-989-758-319-3

Keyword(s): PIN Code, Human Semantic Authentication Protocol, Graphical Password, Shoulder Surfing Attack, Dynamic Password, Authentication.

Related Ontology Subjects/Areas/Topics: Identification, Authentication and Non-Repudiation ; Information and Systems Security ; Security and Privacy in Mobile Systems ; Security Protocols ; Software Security

Abstract: Using a secret password or a PIN (Personal Identification Number) code is a common way to authenticate a user. Unfortunately this protection does not resist an attacker that can eavesdrop on the user (shoulder surfing attack). The Human Semantic Authentication (HSA) protocol proposes a solution against this attack. The main idea is to have concept passwords and to propose images that the user must correctly select in order to authenticate. A concept can be represented by different pictures, so one observation is not enough to retrieve the secret. In this paper, the security/efficiency trade-off in the HSA protocol is evaluated. A probabilistic approach is used. Under the assumption that the picture/concept database is known to the attacker, we show that HSA is barely more resistant to shoulder surfing attacks than a PIN code. More precisely we show that the probability to retrieve the secret concept password increases rapidly with the number of observations. Moreover the constraints on the size of the picture/concept database are very difficult to satisfy in practice.

CC BY-NC-ND 4.0

Paper citation in several formats:
Le Bouder, H.; Thomas, G.; Bourget, E.; Graa, M.; Cuppens, N. and Lanet, J. (2018). Theoretical Security Evaluation of the Human Semantic Authentication Protocol. In Proceedings of the 15th International Joint Conference on e-Business and Telecommunications - Volume 2 SECRYPT: SECRYPT, ISBN 978-989-758-319-3, pages 332-339. DOI: 10.5220/0006841704980505

@conference{secrypt18,
author={Hélène Le Bouder and Gaël Thomas and Edwin Bourget and Mariem Graa and Nora Cuppens and Jean{-}Louis Lanet},
title={Theoretical Security Evaluation of the Human Semantic Authentication Protocol},
booktitle={Proceedings of the 15th International Joint Conference on e-Business and Telecommunications - Volume 2 SECRYPT: SECRYPT},
year={2018},
pages={332-339},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006841704980505},
isbn={978-989-758-319-3},
}

TY - CONF
JO - Proceedings of the 15th International Joint Conference on e-Business and Telecommunications - Volume 2 SECRYPT: SECRYPT
TI - Theoretical Security Evaluation of the Human Semantic Authentication Protocol
SN - 978-989-758-319-3
AU - Le Bouder, H.
AU - Thomas, G.
AU - Bourget, E.
AU - Graa, M.
AU - Cuppens, N.
AU - Lanet, J.
PY - 2018
SP - 332
EP - 339
DO - 10.5220/0006841704980505