a graphical pin authentication mechanism with applications to smart cards and low-cost devices...
![Page 1: A Graphical PIN Authentication Mechanism with Applications to Smart Cards and Low-Cost devices Clemente Galdi Università di Napoli “Federico II” Luigi](https://reader035.vdocuments.net/reader035/viewer/2022062515/56649ce65503460f949b48f1/html5/thumbnails/1.jpg)
A Graphical PIN Authentication Mechanism with Applications to Smart Cards and Low-Cost devices
Clemente Galdi, Università di Napoli “Federico II”
Luigi Catuogno, Università di Salerno
Outline
• Problem overview
– User authentication
– Graphical passwords
– Shoulder surfing attacks
• Our proposal
– Deterministic and user-randomized schemes
– Security evaluation
• Application to device-device authentication
User authentication
• User authentication is a well-established area in security
• Different types of services require different levels of security
– Checking email
– Withdrawing money at ATMs
– On-line banking
– …
– Access to military bases
– Nuke activation procedures
Human authentication
• If the required level of security is not high, “text-based” authentication is still the most used one
– Username-password
– Strip/smart-card + PIN
– One-time password tokens
One-time password: authentication through insecure channels
• In order to be authenticated, the user has to prove that she knows the secret x
– The system issues a challenge C
– The user computes the proof P = F(x, C)
• Often the user computes F() by means of a personal crypto-device
– The user sends P to the system
– The system verifies the proof… etc.
Graphical password
• A one-time password mechanism where:
– The system issues a graphical challenge
• Often called “scene”
– The user computes the proof by means of a cognitive function of what she sees on the screen
• without the effort of any external device
Cognitive functions
• Image recognition
• Image position recognition
• Answering simple queries about the scene
• Repeating a sequence of actions in a scene
PassFaces (www.realusers.com)
• The system chooses three passfaces for the user
PassFaces/2
• During the logon, the system shows the user three scenes, each one containing one of the user’s passfaces
• The user has to recognize her passfaces in each scene
• The user selects the passfaces by
– Mouse clicks,
– Tapping with the stylus
A useful application…
• Everybody uses ATM and POS terminals every day.
– PINs and passwords are frequently subject to attacks and frauds
– PINs are not user-friendly
• Graphical PINs could be a good improvement
The Problem
But…
• Many G.P. schemes require non-trivial visualization and pointing devices
• ATM machines, POS terminals, cellular phones…
– Small-sized and low-resolution displays
– No pointing devices (mouse, touch screen…)
– Poor computational resources (slow processors, small memory…)
Requirements
• The authentication scheme should be independent from the specific set of objects
– Improves (human) usability
– Allows adaptation to device-device authentication
• (Very) low computational overhead
• The “user” should only “recognize” objects
– No need for crypto-devices
• Resiliency to eavesdropping
Basic Idea
• Objects:
– Let k, a be two integers and q = ka
– Let O = {o_1, o_2, …, o_q} be a set of q objects
• Secret:
– A secret is an object in O
• Challenge:
– Partition the objects in O into a distinct sets, each containing k objects
– “Visualize” the challenge on a matrix with a rows and k columns
• Response:
– The row number containing the secret object.
Naïve Protocol
• Secret:
– Let m be an integer
– Let s = (s_1, s_2, …, s_m) be a sequence of m objects
• There exist q^m possible secrets
• Response:
– The sequence of the m indices of the rows containing the m objects
A prototype
http://www.dia.unisa.it/GRAPE
GRAPE/2
• Handles authentication by means of a numerical one-time PIN
• The graphical challenge is composed of low-resolution objects
• Challenge generation and proof validation require only modest computational resources
GRAPE/3
• The user’s secret is a sequence of queries of the form:
– “On which row is the object x?”
• Where the object x is a geometrical shape like:
– Purple full rectangle
– Red empty rectangle
– White empty hexagon
– …
GRAPE/4
The user types the PIN here; each digit is the row number of the corresponding object
34643
GRAPE/5
• The graphical challenge can be effectively visualized both through cheap and small-sized displays and through hi-res monitors
• The user response can be composed through a numeric keypad as well as through other sophisticated pointing devices
• Challenge generation and proof validation are affordable for small devices (e.g. smart-cards and old-fashioned cell phones)
• The user is simply required to recognize the position of some objects on the screen
GRAPE/6
• Naive protocol
– The user correctly answers all the m queries
• Randomized protocol: correct or random
– The user correctly answers at least m−r queries
– The user randomly answers r queries
• Randomized protocol: correct or wrong
– The user correctly answers exactly m−w queries
– The user wrongly answers w queries
Security Evaluation
• Basic assumption:
– Three unsuccessful trials lead to blocking of the account
• Blind attacks:
– Probability of guessing an “authentication” secret
– Needs to be reasonably low
• Recording attacks (eavesdropping):
– Gaining access to a service after analyzing a number of transcripts
Naïve protocol
• Blind attack success probability
– a = number of rows in the matrix
– m = secret length
– p = 1/a^m
• The value of a cannot be too high!
• If a = 4 and m = 7, success prob < 10^-5
– The number of rows in the matrix should be low
Naïve protocol
• Attack goal:
– Secret extraction.
– The user needs to answer all the queries correctly
– Assuming three unsuccessful trials block the system
Naïve protocol
• Attack description: The adversary
– is provided with as many transcripts as she wants
– associates to each object m counters
• one for each component in the secret
– For each transcript (challenge, response), increases the counter for all the objects in the row corresponding to the user answer
– Stops when, for each component of the secret, there exists one object with maximum counter
• This attack always recovers the user secret!
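The challenge/response scheme of the Basic Idea and Naïve Protocol slides, the correct-or-random variant of GRAPE/6, and the counting attack described on this slide, as an added toy implementation for the security evaluation (it is not the GRAPE prototype's code). Objects are labelled 0..q−1 and the challenge is a uniformly random partition; both are assumptions, as are the parameters in `demo`.

```python
import random
from collections import Counter

def make_challenge(q, a, rng):
    """Randomly partition objects 0..q-1 into a rows of k = q/a objects (q multiple of a)."""
    k = q // a
    objs = rng.sample(range(q), q)  # a full-length sample is a shuffle
    return [objs[i * k:(i + 1) * k] for i in range(a)]

def row_of(challenge, obj):
    """0-based index of the row in which obj is displayed."""
    return next(i for i, row in enumerate(challenge) if obj in row)

def honest_response(challenge, secret):
    """Naive protocol: the one-time PIN is the row of each secret object, in order."""
    return [row_of(challenge, s) for s in secret]

def correct_random_response(challenge, secret, r, rng):
    """Correct-or-random protocol: r of the m queries get a uniformly random row."""
    resp = honest_response(challenge, secret)
    for j in rng.sample(range(len(secret)), r):
        resp[j] = rng.randrange(len(challenge))
    return resp

def verify(challenge, secret, response, r=0):
    """Terminal side: accept if at least m-r of the m row indices are right
    (r=0 is the naive protocol, r>0 the correct-or-random protocol)."""
    expected = honest_response(challenge, secret)
    hits = sum(1 for x, y in zip(response, expected) if x == y)
    return len(response) == len(expected) and hits >= len(secret) - r

def counting_attack(transcripts, q, m):
    """Eavesdropper's counting attack: one counter per (object, secret position),
    +1 for every object in the answered row; returns the maxima per position."""
    counts = [Counter() for _ in range(m)]
    for challenge, response in transcripts:
        for j, row in enumerate(response):
            counts[j].update(challenge[row])
    out = []
    for j in range(m):
        best = max(counts[j].values())
        out.append({o for o in range(q) if counts[j][o] == best})
    return out

def sessions_to_recover(q, a, secret, rng, limit=1000):
    """Naive protocol: eavesdrop until each position has a unique maximum (the
    slides' stopping rule); the secret object is always a maximum, so that is it."""
    transcripts = []
    for t in range(1, limit + 1):
        ch = make_challenge(q, a, rng)
        transcripts.append((ch, honest_response(ch, secret)))
        if all(len(s) == 1 for s in counting_attack(transcripts, q, len(secret))):
            return t
    return None

def positions_recovered(q, a, secret, r, t, rng):
    """Correct-or-random protocol: counting attack on t transcripts; number of
    positions pinned to the right object (good = m, valid = at least m-r)."""
    transcripts = []
    for _ in range(t):
        ch = make_challenge(q, a, rng)
        transcripts.append((ch, correct_random_response(ch, secret, r, rng)))
    guess = counting_attack(transcripts, q, len(secret))
    return sum(1 for g, s in zip(guess, secret) if g == {s})

def demo(seed=1, q=20, a=4, m=7, r=2):
    """Constructed parameters: 20 shapes shown in 4 rows of 5, a 7-object secret."""
    rng = random.Random(seed)
    secret = rng.sample(range(q), m)
    ch = make_challenge(q, a, rng)
    pin = honest_response(ch, secret)
    return {"pin": "".join(str(x + 1) for x in pin), "accepted": verify(ch, secret, pin),
            "m": m, "sessions": sessions_to_recover(q, a, secret, rng),
            "recovered_positions": positions_recovered(q, a, secret, r, 30, rng)}
```

`demo()["sessions"]` is the number of eavesdropped logins the counting attack needed for one run; averaging it over seeds reproduces the kind of measurement shown on the next slides.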
Naïve Protocol
• Average number of transcripts (m = 15)
Naïve Protocol
• Average number of transcripts (a=2)
Naïve Protocol
• We can derive that the average number of transcripts needed to recover the secret increases if:
– The number of rows (a) in the challenge decreases
– The length of the secret (m) increases
– The number of objects (q) increases
Correct-random: blind attack
• In the following
– c = number of correct answers
– m = secret length
$$\sum_{h=c}^{m} \binom{m}{h} \left(\frac{1}{a}\right)^{h} \left(1-\frac{1}{a}\right)^{m-h}$$
Correct-random: blind attack
• The number c of correct answers must be greater than m/a
– Otherwise the blind attack is easy!
• Example:
– Let a = 2 and c = m/3.
• Authentication is granted if the user correctly guesses at least m/3 components of the secret
– The adversary can randomly guess, with high probability, m/2 correct answers
User-randomized protocols
• In user-randomized protocols the “counting attack” does not work anymore.
– Due to randomization, objects with high frequency might not belong to the secret
• We need to modify the attack strategy
User-randomized protocols
• Attack description: The adversary
– is provided with t transcripts
– associates to each object m counters
• one for each component in the secret
– For each transcript, increases the counter for the objects in the row corresponding to the user answer
– Outputs the objects with maximum value for the counters.
• Output classification:
– Good: contains all the m objects in the secret
– Valid: contains at least c objects from the secret
– Wrong: contains fewer than c objects from the secret
Correct-random
Percentage of good and valid secrets
Correct-wrong: blind attack
• In the following
– c = number of correct answers
– m = secret length
$$\binom{m}{c} \left(\frac{1}{a}\right)^{c} \left(1-\frac{1}{a}\right)^{m-c}$$
Correct-wrong
• In the correct-wrong case, there is no “trivial” limit on the number of wrong answers
– The user needs to
• answer correctly exactly c queries and
• give wrong answers to exactly m−c queries.
• If c is too low, the blind attack still has a high success probability, but strictly less than 1.
– E.g., m = 15, r = 8, a = 2 → p(succ) = 0.19
Correct-wrong
• Percentage of good and valid secrets does not strongly depend on q
Correct-wrong
• Percentage of good and valid secrets strongly depends on a
– If a = 2 the adversary might not be able to extract a valid secret
Correct-wrong
• Percentage of good and valid secrets strongly depends on r
A variation
• Assume the user needs to answer a specific set of queries correctly
– User and terminal also share a common sequence, e.g., generated by a PRNG.
• Let a = 2
• Blind attack success probability becomes (1/2)^c (1−1/2)^(m−c) = 1/2^m
• In this case it is possible to use r = m/2
– The adversary does not manage to extract even a valid sequence.
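The blind-attack probabilities of the correct-random, correct-wrong and variation slides, as an added worked calculation (not from the original slides) that also picks the smallest acceptance threshold c for a given risk under the three-trial lockout assumption of the Security Evaluation slide; the helper names are assumptions.

```python
from math import comb

def p_naive(a, m):
    """Naive protocol: all m row indices must be guessed, each right with prob 1/a."""
    return (1 / a) ** m

def p_correct_random(a, m, c):
    """Correct-or-random: the guesser wins with at least c of m answers right,
    the Binomial(m, 1/a) tail from h = c to m (the slide's sum)."""
    p = 1 / a
    return sum(comb(m, h) * p ** h * (1 - p) ** (m - h) for h in range(c, m + 1))

def p_correct_wrong(a, m, c):
    """Correct-or-wrong: exactly c right and m-c wrong answers; the positions of
    the right ones are free, hence the binomial coefficient."""
    p = 1 / a
    return comb(m, c) * p ** c * (1 - p) ** (m - c)

def p_variation(a, m, c):
    """Variation: the c positions that must be right are fixed by the sequence
    shared with the terminal, so the coefficient disappears: (1/a)^c (1-1/a)^(m-c)."""
    p = 1 / a
    return p ** c * (1 - p) ** (m - c)

def p_within_three_trials(p):
    """Account blocked after three failed trials: chance of at least one success."""
    return 1 - (1 - p) ** 3

def min_threshold_correct_random(a, m, target):
    """Defender's parameter choice for correct-or-random: smallest c (answers the
    user must get right) whose three-trial blind-attack probability is <= target,
    or None if even c = m misses it. Valid because the tail sum decreases in c."""
    for c in range(1, m + 1):
        if p_within_three_trials(p_correct_random(a, m, c)) <= target:
            return c
    return None

def slide_examples():
    """The cases quoted on the slides: a=4, m=7 naive; a=2, c=m/3 correct-random;
    m=15, r=8 (so c=7), a=2 correct-wrong; the a=2 variation."""
    return {"naive_a4_m7": p_naive(4, 7),
            "correct_random_a2_m15_c5": p_correct_random(2, 15, 5),
            "correct_wrong_a2_m15_c7": p_correct_wrong(2, 15, 7),
            "variation_a2_m15_c7": p_variation(2, 15, 7)}
```

With a = 2 the correct-random tail is still 1/2 at c = 8 of 15, which is the "c must be well above m/a" point of the correct-random slide in numbers.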
A variation
• Why?
– Intuitively:
• P(counter increased) = 1/2 for every object, independently of whether it belongs to the secret or not!
– The counting attack fails.
• It focuses on the single secret component
– It does not consider that:
• “In every transcript there exist exactly c correct answers”
A SAT-based attack
• Write a boolean formula whose truth assignment corresponds to the user secret
• Associate to each object o_i ∈ O the m boolean variables x_{i,1}, …, x_{i,m}
• Let C be a challenge consisting of a = 2 rows
– Let (i_1, …, i_p) be the indices of the objects on the first row
– Let (i_{p+1}, …, i_q) be the indices of the objects on the second row
A SAT-based attack
• The j-th component of the secret belongs to one of the two rows of the challenge.
$$\varphi_{0,j} = x_{i_1,j} \vee x_{i_2,j} \vee \dots \vee x_{i_p,j}$$
$$\varphi_{1,j} = x_{i_{p+1},j} \vee x_{i_{p+2},j} \vee \dots \vee x_{i_q,j}$$
A SAT-based attack
• Let β = (β_1, …, β_m) be a single user reply
– A_m = { a = (a_1, …, a_m) ∈ {0,1}^m | w(a) = m/2 } (w(a) is the Hamming weight of a)
• a_i = 0 → the i-th answer is correct.
• The following formula is satisfiable:
• There exists one a ∈ A_m such that the j-th component of the secret is in row β_j ⊕ a_j, for j = 1, …, m
$$\psi = \bigvee_{(a_1,\dots,a_m)\in A_m} \;\bigwedge_{j=1}^{m} \left(\varphi_{\beta_j \oplus a_j,\,j} \wedge \lnot\varphi_{(1-\beta_j)\oplus a_j,\,j}\right)$$
A SAT-based attack
• Extending the formula to k transcripts, it is possible to show that the following formula is satisfiable
• Note: the ψ^{(k)} are formulae over the same literals
$$\gamma = \bigwedge_{k=1}^{t} \psi^{(k)}$$
A SAT-based attack
• Finally, since for each component there exists exactly one object:
$$\varepsilon = \bigwedge_{j=1}^{m} \bigvee_{i=1}^{q} \left(\lnot x_{1,j} \wedge \dots \wedge \lnot x_{i-1,j} \wedge x_{i,j} \wedge \lnot x_{i+1,j} \wedge \dots \wedge \lnot x_{q,j}\right)$$
• So γ ∧ ε is satisfiable and its truth assignment corresponds to the user secret.
What about “devices”
• The proposed scheme is not limited to human authentication.
– Simply modify the set of objects to a list of numbers/strings.
– The device needs to recognize binary strings
– If a device (smart card/RFID) is able to run a PRNG:
• The device can authenticate the reader
– It needs to generate the challenge
– Instead of being authenticated by a reader.
• It can implement the “variant” of our scheme
– Or store a list of sequences…
Usability evaluation
• Average login time
• Error rate
Conclusions
• Presented an authentication mechanism “implementable” by humans and devices
• Counting attacks lead to (valid) secret extraction in reasonable time
– 10-12 sessions for the naïve protocol
– Up to 36 for correct-wrong
• To be done:
– Implement the SAT-based attack
• The size of the formula is exponential in the secret length…