• Home

  • Documents

  • Cryptanalysis of a Cognitive Authentication Scheme Philippe Golle, PARC David Wagner, UC Berkeley
6
Cryptanalysis of a Cryptanalysis of a Cognitive Authentication Cognitive Authentication Scheme Scheme Philippe Golle, PARC David Wagner, UC Berkeley

Cryptanalysis of a Cognitive Authentication Scheme Philippe Golle, PARC David Wagner, UC Berkeley

  • View
    216

  • Download
    3

Tags:

Embed Size (px)

Citation preview

Page 1: Cryptanalysis of a Cognitive Authentication Scheme Philippe Golle, PARC David Wagner, UC Berkeley

Cryptanalysis of a Cognitive Cryptanalysis of a Cognitive Authentication SchemeAuthentication Scheme

Philippe Golle, PARC

David Wagner, UC Berkeley

Page 2: Cryptanalysis of a Cognitive Authentication Scheme Philippe Golle, PARC David Wagner, UC Berkeley

Problem StatementProblem Statement

How can I log into my bank without keyloggers/eavesdroppers stealing my credentials?

Page 3: Cryptanalysis of a Cognitive Authentication Scheme Philippe Golle, PARC David Wagner, UC Berkeley

A recent proposal [Weinshall]A recent proposal [Weinshall]

Server has a set of 80 images My secret is a subset of 30 images I recognize Protocol performs 10 rounds of challenge-

response authentication– Server asks question about the shared secret– Human responds

Page 4: Cryptanalysis of a Cognitive Authentication Scheme Philippe Golle, PARC David Wagner, UC Berkeley

1 2 1 0 3 0 3 0 3 1

2

0

1

1

2

3

0

2

A Round of Challenge/ResponseA Round of Challenge/Response

Response: 3

Page 5: Cryptanalysis of a Cognitive Authentication Scheme Philippe Golle, PARC David Wagner, UC Berkeley

CryptanalysisCryptanalysis

Associate a boolean variable xi to each image

– 80 boolean variables x1, …, x80

For each known challenge-response pair, write a SAT formula expressing that x1, …, x80 are consistent with this pair

Apply an off-the-shelf SAT solver

Result: Reveals the secret after observing 10 authentications and 7 seconds of CPU time

Page 6: Cryptanalysis of a Cognitive Authentication Scheme Philippe Golle, PARC David Wagner, UC Berkeley

Parting ThoughtsParting Thoughts

Advice to cryptanalysts:For schemes that have small circuits, try applying a SAT solver

More details: eprint.iacr.org/2006/258/


Cryptanalysis of Lightweight Block Ciphers - Šibenik, …summerschool-croatia.cs.ru.nl/2014/slides/Cryptanalysis of... · Cryptanalysis of Lightweight Block Ciphers Mar a Naya-Plasencia

Cryptanalysis of Lightweight Block Ciphers - Šibenik, …summerschool-croatia.cs.ru.nl/2014/slides/Cryptanalysis of... · Cryptanalysis of Lightweight Block Ciphers Mar a Naya-Plasencia

Documents
Recent Achievements at J-PARC and Future Prospects of ... · J-PARC E07 J-PARC E05 J-PARC E40 J-PARC E15 J-PARC E10 J-PARC E13 J-PARC E63 J-PARC E10/ HIHR J-PARC K1.1 15-008 Mainz

Recent Achievements at J-PARC and Future Prospects of ... · J-PARC E07 J-PARC E05 J-PARC E40 J-PARC E15 J-PARC E10 J-PARC E13 J-PARC E63 J-PARC E10/ HIHR J-PARC K1.1 15-008 Mainz

Documents
Differential Cryptanalysis and Boomerang...fftial Cryptanalysis and Boomerang Cryptanalysis of LBlock Jiageng Chen and Atsuko Miyaji⋆ School of Information Science, Japan Advanced

Differential Cryptanalysis and Boomerang...fftial Cryptanalysis and Boomerang Cryptanalysis of LBlock Jiageng Chen and Atsuko Miyaji⋆ School of Information Science, Japan Advanced

Documents
Enigma Cryptanalysis

Enigma Cryptanalysis

Documents
Session 6: Introduction to cryptanalysis part 1. Contents Problem definition Symmetric systems cryptanalysis Particularities of block ciphers cryptanalysis

Session 6: Introduction to cryptanalysis part 1. Contents Problem definition Symmetric systems cryptanalysis Particularities of block ciphers cryptanalysis

Documents
Privacy and Anonymity Using Mix Networks* Slides borrowed from Philippe Golle, Markus Jacobson

Privacy and Anonymity Using Mix Networks* Slides borrowed from Philippe Golle, Markus Jacobson

Documents
Linear Cryptanalysis of DES

Linear Cryptanalysis of DES

Documents
Block ciphers 2 Session 4. Contents Linear cryptanalysis Differential cryptanalysis 2/48

Block ciphers 2 Session 4. Contents Linear cryptanalysis Differential cryptanalysis 2/48

Documents
Cryptanalysis Lecture

Cryptanalysis Lecture

Education
Cryptography & Cryptanalysis

Cryptography & Cryptanalysis

Documents
Differential Cryptanalysis

Differential Cryptanalysis

Documents
Chris Golle Generation 10 PDF

Chris Golle Generation 10 PDF

Documents
Cryptanalysis of GOST - CCC Event Blog · GOST, Self-Similarity and Cryptanalysis of Block Ciphers ... • Linear-Algebraic or Bi-Linear-Algebraic Cryptanalysis • Differential-Algebraic

Cryptanalysis of GOST - CCC Event Blog · GOST, Self-Similarity and Cryptanalysis of Block Ciphers ... • Linear-Algebraic or Bi-Linear-Algebraic Cryptanalysis • Differential-Algebraic

Documents
Cryptanalysis of LASH

Cryptanalysis of LASH

Documents
L03 Cryptanalysis Overview

L03 Cryptanalysis Overview

Documents
vigenere cryptanalysis

vigenere cryptanalysis

Documents
LINEAR CRYPTANALYSIS

LINEAR CRYPTANALYSIS

Documents
Fault-based Cryptanalysis on Block Ciphers · 1/ 62 Fault Injection Means Cryptanalysis methods Countermeasures Conclusion Fault-based Cryptanalysis on Block Ciphers Victor LOMNE

Fault-based Cryptanalysis on Block Ciphers · 1/ 62 Fault Injection Means Cryptanalysis methods Countermeasures Conclusion Fault-based Cryptanalysis on Block Ciphers Victor LOMNE

Documents
Cryptography and Cryptanalysis

Cryptography and Cryptanalysis

Documents
Algebraic--Differential Cryptanalysis of DES Algebraic cryptanalysis of DES using Minisat Algebraic di erential cryptanalysis of DES Algebraic Di erential Cryptanalysis of …

Algebraic--Differential Cryptanalysis of DES Algebraic cryptanalysis of DES using Minisat Algebraic di erential cryptanalysis of DES Algebraic Di erential Cryptanalysis of …

Documents
Cryptanalysis of AES cipher

Cryptanalysis of AES cipher

Documents
Linear Cryptanalysis of DES M. Matsui. 1.Linear Cryptanalysis Method for DES Cipher. EUROCRYPT 93, 1994.Linear Cryptanalysis Method for DES Cipher 2.The

Linear Cryptanalysis of DES M. Matsui. 1.Linear Cryptanalysis Method for DES Cipher. EUROCRYPT 93, 1994.Linear Cryptanalysis Method for DES Cipher 2.The

Documents
Differential and Linear Cryptanalysis - Radboud … and...Differential cryptanalysis Linear cryptanalysis Differential and Linear Cryptanalysis Lars R. Knudsen June 2014 L.R. Knudsen

Differential and Linear Cryptanalysis - Radboud … and...Differential cryptanalysis Linear cryptanalysis Differential and Linear Cryptanalysis Lars R. Knudsen June 2014 L.R. Knudsen

Documents
Basic Cryptanalysis

Basic Cryptanalysis

Documents
Cryptanalysis Lab 07

Cryptanalysis Lab 07

Documents
Week 7: Cryptanalysis

Week 7: Cryptanalysis

Documents
Cryptanalysis Cryptarithmetic problem

Cryptanalysis Cryptarithmetic problem

Documents
CRYPTOGRAPHY v/s CRYPTANALYSIS

CRYPTOGRAPHY v/s CRYPTANALYSIS

Documents
Cryptanalysis of Hummingbird-1

Cryptanalysis of Hummingbird-1

Documents
Differential Cryptanalysis of DES

Differential Cryptanalysis of DES

Documents