Optimizing Decision Tree Attack on CAS Scheme
In this paper we show a successful side-channel timing attack on a well-known high-complexity cognitive authentication (CAS) scheme. We exploit the weakness of CAS scheme that comes from the asymmetry of the virtual interface and graphical layout which results in nonuniform human behavior during t...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Stefan cel Mare University of Suceava
2016-05-01
|
| Series: | Advances in Electrical and Computer Engineering |
| Subjects: | |
| Online Access: | http://dx.doi.org/10.4316/AECE.2016.02010 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | In this paper we show a successful side-channel timing attack on a well-known high-complexity cognitive
authentication (CAS) scheme. We exploit the weakness of CAS scheme that comes from the asymmetry of the
virtual interface and graphical layout which results in nonuniform human behavior during the login
procedure, leading to detectable variations in user's response times. We optimized a well-known
probabilistic decision tree attack on CAS scheme by introducing this timing information into the
attack. We show that the developed classifier could be used to significantly reduce the number of
login sessions required to break the CAS scheme. |
|---|---|
| ISSN: | 1582-7445 1844-7600 |