Towards a framework for security analysis of multiple password schemes

Karaca, Kevser and Levi, Albert (2008) Towards a framework for security analysis of multiple password schemes. In: ACM EUROSEC 2008, 1st ACM European workshop on system security (part of ACM Eurosys 2008), Glasgow, Scotland

In this paper, we provide a security analysis for generic authentication systems in which users have multiple passwords (or personal questions) and the system asks for some of them to grant access. We analyze two schemes. In the first one, only one password is asked out of the password set of the user in order to access the system. In the second scheme, two passwords are asked to gain access to the system. We assume the existence of an attacker who is capable of eavesdropping on the authentication channel and cracking passwords with a certain probability. We derive analytical formulations for impersonation probabilities and compare the security provided by both schemes. The results of our analysis imply that asking for more passwords for authentication does not necessarily mean strengthened security; in fact, it may carry a higher risk of impersonation as compared to asking for fewer passwords when the passwords are aged.
Item Type: Papers in Conference Proceedings
Divisions: Faculty of Engineering and Natural Sciences > Academic programs > Computer Science & Eng.
Depositing User: Albert Levi
Date Deposited: 11 Nov 2008 22:29
Last Modified: 26 Apr 2022 08:48
