Towards a framework for security analysis of multiple password schemes

Karaca, Kevser and Levi, Albert (2008) Towards a framework for security analysis of multiple password schemes. In: ACM EUROSEC 2008, 1st ACM European workshop on system security (part of ACM Eurosys 2008), Glasgow, Scotland


Official URL: http://dx.doi.org/10.1145/1355284.1355288


In this paper, we provide a security analysis for generic authentication systems in which users have multiple passwords (or personal questions) and the system asks for some of them to grant access. We analyze two schemes. In the first, only one password out of the user's password set is asked for in order to access the system. In the second, two passwords are asked for to gain access. We assume the existence of an attacker who is capable of eavesdropping on the authentication channel and cracking passwords with a certain probability. We derive analytical formulations for impersonation probabilities and compare the security provided by both schemes. The results of our analysis imply that asking for more passwords for authentication does not necessarily mean strengthened security; in fact, it may carry a higher risk of impersonation than asking for fewer passwords when the passwords are aged.

Item Type: Papers in Conference Proceedings
ID Code: 10486
Deposited By: Albert Levi
Deposited On: 11 Nov 2008 22:29
Last Modified: 22 Jul 2019 10:02
