On the Security of PAS (Predicate-Based Authentication Service)

Li, Shujun; Asghar, Hassan Jameel; Pieprzyk, Josef; Sadeghi, Ahmad-Reza; Schmitz, Roland; Wang, Huaxiong

doi:10.1109/acsac.2009.27

Cited by 16 publications

(15 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…(0, 0), (13, 0), (0, 13), (13,13) We used Turk's method to compute a random point within a triangle [23]. Our simulation results suggest that increasing k makes the probability of success lower.…”

Section: Simulation Results For Attackmentioning

confidence: 99%

Cryptanalysis of the Convex Hull Click Human Identification Protocol

Asghar

Pieprzyk

et al. 2011

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. Recently a convex hull based human identification protocol was proposed by Sobrado and Birget, whose steps can be performed by humans without additional aid. The main part of the protocol involves the user mentally forming a convex hull of secret icons in a set of graphical icons and then clicking randomly within this convex hull. While some rudimentary security issues of this protocol have been discussed, a comprehensive security analysis has been lacking. In this paper we analyse the security of this convex hull based protocol. In particular, we show two probabilistic attacks which reveal the user's secret after the observation of only a handful of authentication sessions. These attacks can be efficiently implemented as their time and space complexities are considerably less than brute force attack. We show that while the first attack can be mitigated through appropriately chosen values of system parameters, the second attack succeeds with a non-negligible probability even with large system parameter values which cross the threshold of usability.

show abstract

Section: Simulation Results For Attackmentioning

confidence: 99%

Cryptanalysis of the Convex Hull Click Human Identification Protocol

Asghar

Pieprzyk

et al. 2011

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…PAS uses different parts of the password for different login sessions and the user's responses are obfuscated by randomized challenge and response tables. In [31], Li et al show that part of the password can be revealed with a number of observations, thus leading to a degradation of the PAS scheme to a common OTP (one-timepassword) system but with worse usability.…”

Section: C(1125)≈2mentioning

confidence: 99%

Breaking undercover

Perković

Mumtaz

et al. 2011

Proceedings of the Seventh Symposium on Usable Privacy and Security

Self Cite

View full text Add to dashboard Cite

This paper reports two attacks on Undercover, a human authentication scheme against passive observers proposed at CHI 2008. The first attack exploits nonuniform human behavior in responding to authentication challenges and the second one is based on information leaked from authentication challenges or responses visible to the attacker. The second attack can be generalized to break two alternative Undercover designs presented at Pervasive 2009. All the attacks exploit design flaws of the Undercover implementations.Theoretical and experimental analyses show that both attacks can reveal the user's password with high probability with O(10) observed login sessions. Both attacks were verified by using the login data collected in a user study with 28 participants. We also propose some enhancements to make Undercover secure against the attacks reported in this paper.Our research in breaking and improving Undercover leads to two broader implications. First, it reemphasizes the principle of "devil is in details" for the design of security-related human-computer interface. Secondly, it reveals a subtle relationship between security and usability: human users may behave in an insecure way to compromise the security of a system. To design a secure human-computer interface, designers should pay special attention to possible negative influence of any detail of the interface including how human users interact with the system.

show abstract

“…In [47], the authors have re-examined the security claims of Predicate-based Authentication Service (PAS) and successfully indicated PAS was insecure against probabilistic attack and brute force attack. The PAS system claims security against three attacks: random guess, SAT (satisfiability solver) and brute force attacks that is highly over-estimated.…”

Section: B Review Of Non-otp Based Schemesmentioning

confidence: 99%

Contemplation of Effective Security Measures in Access Management from Adoptability Perspective

Mehraj¹,

Rasool²,

Khan³

et al. 2015

ijacsa

View full text Add to dashboard Cite

Abstract-With the extension in computer networks, there has been a drastic change in the disposition of network security. Security has always been a major concern of any organization as it involves mechanisms to ensure reliable access. In the present era of global electronic connectivity where hackers, eavesdroppers, electronic frauds, viruses are growing in number, security has proved to be indispensable. Although numerous solutions have been put forth in literature to guarantee security, they have botched with related traits like efficiency and scalability. Despite the range of security solutions that have been presented by experts, not a single approach has been wholly agreed upon to provide absolute security or standardized upon unanimously. Furthermore, these approaches lack adoptable user implementation. In this paper, various approaches and techniques that were introduced in the past for the purpose of enhancing the authentication and authorization of the user while performing sensitive and confidential transaction are discussed. Each of works performed by the researchers is taken singlehandedly for debate followed by analysis. Finally, the open issues in the current domain of study are formulated from the review conducted.

show abstract

On the Security of PAS (Predicate-Based Authentication Service)

Cited by 16 publications

References 18 publications

Cryptanalysis of the Convex Hull Click Human Identification Protocol

Cryptanalysis of the Convex Hull Click Human Identification Protocol

Breaking undercover

Contemplation of Effective Security Measures in Access Management from Adoptability Perspective

Contact Info

Product

Resources

About