Abstract

A simple theoretical framework is developed to evaluate the security and usability of eavesdropping-resistant authentication schemes. Such schemes strive to allow users to authenticate without disclosing the user's credentials to an eavesdropper, while using only standard computer hardware (monitor, keyboard and mouse). We find that schemes based on shared secrets and standard computer hardware are unable to deliver real security advantages. For all the schemes reported to date, an attacker can collect all the needed information within ten observations of successful authentications. Shared secret schemes can provide security only if the space of possible shared secrets is extensive enough to prevent an exhaustive search. In turn, this complexity of the shared secrets space is already limited by usability considerations, and cannot be increased further. Thus, for truly user-friendly interfaces resistant to eavesdropping attacks, shared secrets must be combined with other authentication factors: biometrics or special hardware.
