Cryptanalysis of a Cognitive Authentication Scheme
P. Golle and D. Wagner.
We present attacks against two cognitive authentication schemes [W06]
recently proposed at the 2006 IEEE Symposium on Security and Privacy.
These authentication schemes are designed to be secure against
eavesdropping attacks while relying only on human cognitive skills. They
achieve authentication via challenge response protocols based on a shared
secret set of pictures. Our attacks use a SAT solver to recover a user's
key in a few seconds, after observing only a small number of successful
logins. These attacks demonstrate that the authentication schemes of [W06]
are not secure against an eavesdropping adversary.