PAS: Predicate-Based Authentication Services Against Powerful Passive Adversaries

“…For more practical sizes of the secret, the number of allowable sessions is even lower. Similarly, Bai et al's scheme can be used for 10 authentication sessions only [12]. For these reasons, we have restricted our comparison to the two protocols in [1].…”

“…al. in [12], but their protocol can only be used for a small number of authentications; precisely 10, using the default parameters. A different line of research is to develop special purpose hardware that utilizes other human senses (such as the sense of touch).…”

“…This bound severely lessens accomplishable security for small values of k. A smaller value of k is necessary to ensure that human memory and computational requirements are low. Despite their findings, some of the recent proposals have ignored security evaluation against time-memory tradeoff attacks [10,12].…”

“…The rest of the protocols only treat security against a known set of active attacks. Due to the difficulty of constructing usable protocols secure against active attacks, recently the focus of the research community has been on security against passive (eavesdropping) adversaries [2,3,10,12,13]. Despite this being a weaker threat model, there is still no widely accepted human identification protocol secure against passive adversaries and this remains an open problem.…”

A New Human Identification Protocol and Coppersmith’s Baby-Step Giant-Step Algorithm

“…For more practical sizes of the secret, the number of allowable sessions is even lower. Similarly, Bai et al's scheme can be used for 10 authentication sessions only [12]. For these reasons, we have restricted our comparison to the two protocols in [1].…”

“…al. in [12], but their protocol can only be used for a small number of authentications; precisely 10, using the default parameters. A different line of research is to develop special purpose hardware that utilizes other human senses (such as the sense of touch).…”

“…This bound severely lessens accomplishable security for small values of k. A smaller value of k is necessary to ensure that human memory and computational requirements are low. Despite their findings, some of the recent proposals have ignored security evaluation against time-memory tradeoff attacks [10,12].…”

“…The rest of the protocols only treat security against a known set of active attacks. Due to the difficulty of constructing usable protocols secure against active attacks, recently the focus of the research community has been on security against passive (eavesdropping) adversaries [2,3,10,12,13]. Despite this being a weaker threat model, there is still no widely accepted human identification protocol secure against passive adversaries and this remains an open problem.…”

A New Human Identification Protocol and Coppersmith’s Baby-Step Giant-Step Algorithm

“…However, the security of these protocols can be compromised after a few authentication sessions [7,8]. Some other proposals for human identification protocols that have been shown to be insecure were proposed by the authors in [9,10,11]. These protocols were cryptanalysed in [12,13,14].…”

Cryptanalysis of the convex hull click human identification protocol

A Textual Password Entry Method Resistant to Human Shoulder-Surfing Attack