Pinkas and Sander's (2002) login protocol protects against online guessing attacks by employing human-in-the-loop techniques (also known as Reverse Turing Tests or RTTs). We first note that this, and other protocols involving RTTs, are susceptible to minor variations of well-known middle-person attacks, and suggest techniques to address such attacks. We then present complementary modifications in what we call a history-based protocol with RTTs. Preliminary analysis indicates that the new protocol offers opportunities for improved security, improved user-friendliness (fewer RTTs to legitimate users), and greater flexibility (e.g., in customizing protocol parameters to particular situations). © IFCA/Springer-Verlag 2004.
CITATION STYLE
Stubblebine, S., & Van Oorschot, P. C. (2004). Addressing online dictionary attacks with login histories and humans-in-the-loop (extended abstract). Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 3110, 39–53. https://doi.org/10.1007/978-3-540-27809-2_5