University of Surrey

Test tubes in the lab Research in the ATI Dance Research

Breaking Randomized Linear Generation Functions based Virtual Password System

Li, SJ, Khayam, SA, Sadeghi, AR and Schmitz, R (2010) Breaking Randomized Linear Generation Functions based Virtual Password System In: 2010 IEEE International Conference on Communications (ICC 2010), 2010-05-23 - 2010-05-27, Cape Town, South Africa.

[img] Text
ICC2010.pdf
Restricted to Repository staff only
Available under License : See the attached licence file.

Download (115kB)
[img] Text (licence)
SRI_deposit_agreement.pdf
Restricted to Repository staff only

Download (33kB)

Abstract

In ICC2008 and subsequent work, Lei et al. proposed a user authentication system (virtual password system), which is claimed to be secure against identity theft attacks, including phishing, keylogging and shoulder surfing. Their authentication system is a challenge-response protocol based on a randomized linear generation function, which uses a random integer in the responses of each login session to offer security against assorted attacks. In this paper we show that their virtual password system is insecure and vulnerable to multiple attacks. We show that with high probability an attacker can recover an equivalent password with only two (or a few more) observed login sessions. We also give a brief survey of the related work and discuss the main challenges in designing user authentication methods secure against identity theft.

Item Type: Conference or Workshop Item (Conference Paper)
Authors :
NameEmailORCID
Li, SJUNSPECIFIEDUNSPECIFIED
Khayam, SAUNSPECIFIEDUNSPECIFIED
Sadeghi, ARUNSPECIFIEDUNSPECIFIED
Schmitz, RUNSPECIFIEDUNSPECIFIED
Date : 2010
Identification Number : 10.1109/ICC.2010.5502416
Contributors :
ContributionNameEmailORCID
http://www.loc.gov/loc.terms/relators/PBLIEEE, UNSPECIFIEDUNSPECIFIED
Uncontrolled Keywords : HUMAN IDENTIFICATION
Related URLs :
Depositing User : Symplectic Elements
Date Deposited : 28 Mar 2017 14:42
Last Modified : 31 Oct 2017 14:35
URI: http://epubs.surrey.ac.uk/id/eprint/532435

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year


Information about this web site

© The University of Surrey, Guildford, Surrey, GU2 7XH, United Kingdom.
+44 (0)1483 300800