Abstract
In this paper we show a successful side-channel timing attack on a well-known high-complexity cognitive authentication (CAS) scheme. We exploit the weakness of CAS scheme that comes from the asymmetry of the virtual interface and graphical layout which results in nonuniform human behavior during the login procedure, leading to detectable variations in user’s response times. We optimized a well- known probabilistic decision tree attack on CAS scheme by introducing this timing information into the attack. We show that the developed classifier could be used to significantly reduce the number of login sessions required to break the CAS scheme.
Full Text 
Sign-in/Register to access full text options
Sign-in/Register to access full text options 
Paper version not known
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
