We study the efficiency of statistical attacks on human authentication systems relying on personal knowledge questions. We adapt techniques from guessing theory to measure security against a trawling attacker attempting to compromise a large number of strangers' accounts. We then examine a diverse corpus of real-world statistical distributions for likely answer categories such as the names of people, pets, and places and find that personal knowledge questions are significantly less secure than graphical or textual passwords. We also demonstrate that statistics can be used to increase security by proactively shaping the answer distribution to lower the prevalence of common responses. © 2010 Springer-Verlag Berlin Heidelberg.
CITATION STYLE
Bonneau, J., Just, M., & Matthews, G. (2010). What’s in a name? Evaluating statistical attacks on personal knowledge questions. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 6052 LNCS, pp. 98–113). https://doi.org/10.1007/978-3-642-14577-3_10
Mendeley helps you to discover research relevant for your work.