University of Surrey

Test tubes in the lab Research in the ATI Dance Research

Breaking Randomized Linear Generation Functions based Virtual Password System

Li, SJ, Khayam, SA, Sadeghi, AR and Schmitz, R (2010) Breaking Randomized Linear Generation Functions based Virtual Password System In: 2010 IEEE International Conference on Communications (ICC 2010), 2010-05-23 - 2010-05-27, Cape Town, South Africa.

[img] Text
Restricted to Repository staff only
Available under License : See the attached licence file.

Download (115kB)
[img] Text (licence)
Restricted to Repository staff only

Download (33kB)


In ICC2008 and subsequent work, Lei et al. proposed a user authentication system (virtual password system), which is claimed to be secure against identity theft attacks, including phishing, keylogging and shoulder surfing. Their authentication system is a challenge-response protocol based on a randomized linear generation function, which uses a random integer in the responses of each login session to offer security against assorted attacks. In this paper we show that their virtual password system is insecure and vulnerable to multiple attacks. We show that with high probability an attacker can recover an equivalent password with only two (or a few more) observed login sessions. We also give a brief survey of the related work and discuss the main challenges in designing user authentication methods secure against identity theft.

Item Type: Conference or Workshop Item (Conference Paper)
Authors :
Li, SJ
Khayam, SA
Sadeghi, AR
Schmitz, R
Date : 2010
DOI : 10.1109/ICC.2010.5502416
Contributors :
Uncontrolled Keywords : HUMAN IDENTIFICATION
Related URLs :
Depositing User : Symplectic Elements
Date Deposited : 28 Mar 2017 14:42
Last Modified : 31 Oct 2017 14:35

Actions (login required)

View Item View Item


Downloads per month over past year

Information about this web site

© The University of Surrey, Guildford, Surrey, GU2 7XH, United Kingdom.
+44 (0)1483 300800