Question

Part 2: Picture-based password system Alice wants to evaluate a picture-based password system.

The system has a database of 100 different pictures. To select a password, the user is allowed to browse through the database of pictures and select 20 pictures as their password. To authenticate, the user is presented with 20 challenges. Each challenge consists of 2 pictures displayed to the user: one is randomly chosen from the user's password set, and the other is randomly chosen from the remaining 80 pictures. The user is asked to identify which of the two pictures is from their password set. If the user correctly answers all 20 challenges, the user is authenticated.

To analyze the security of this system, Alice will use two different methods:

Method 1: Alice will find the number of possible passwords, and use that to calculate the probability that an adversary could guess a user's password.

Method 2: Alice will calculate the probability of impersonating the user by correctly responding to the set of 20 challenges presented by the system.

After analyzing the system with the above methods, Alice will determine the level of security as the highest success chance of the two methods.

Q2.1 Outline the calculations by Alice for both methods, and comment on her final verdict regarding the security of the system.

Q2.2 Compare both the usability and security of this system with the Passfaces-based system described in Question 1. Assume that both systems would lock an account after 3 invalid attempts. In particular, (i) compare the success chance of an adversary in an online attack, and (ii) comment on the security and usability of the password selection method of the two systems. (In Passfaces, passwords are randomly selected by the system; in the picture-based system, a user selects their favorite set.)

Q2.3 Bonus question: Suppose an adversary has unlimited access to a verification terminal, which will not block any accounts regardless of the number of unsuccessful attempts. Describe an effective algorithm that would allow the attacker to fully learn a user's password. Include an estimate of how many guesses the attacker would need. (5 bonus points)
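
The two calculations Alice outlines, together with the three-attempt lockout from Q2.2, as an added example that is not part of the original question or its solution. It assumes the password is an unordered, uniformly chosen set of 20 pictures and that the adversary answers each challenge blindly; the picture IDs 0-99 and all function names are constructed for illustration.

```python
import random
from fractions import Fraction
from math import comb, log2

N_PICS, PW_SIZE, ROUNDS, LOCKOUT = 100, 20, 20, 3  # figures from the question

def p_guess_password(n=N_PICS, k=PW_SIZE):
    # Method 1: one guess at the whole password, assuming an unordered,
    # uniformly chosen k-subset of the n pictures.
    return Fraction(1, comb(n, k))

def p_pass_challenges(rounds=ROUNDS):
    # Method 2: each challenge shows 2 pictures, so a blind guess is right
    # with probability 1/2; every round must be right.
    return Fraction(1, 2) ** rounds

def p_online(p_single, attempts=LOCKOUT):
    # Chance that at least one of `attempts` independent tries succeeds
    # before the account locks.
    return 1 - (1 - p_single) ** attempts

def authenticate(password, answer, rng, n=N_PICS, rounds=ROUNDS):
    # Verifier: per challenge, one picture from the password set and one from
    # the remaining pictures, shown in random order.
    members = sorted(password)
    decoys = [p for p in range(n) if p not in password]
    for _ in range(rounds):
        pair = [rng.choice(members), rng.choice(decoys)]
        rng.shuffle(pair)
        if answer(pair) not in password:
            return False
    return True

def simulate_blind_guesser(rounds, trials, seed=1):
    # Monte Carlo check of Method 2 on a shortened login (constructed data).
    rng = random.Random(seed)
    password = set(rng.sample(range(N_PICS), PW_SIZE))
    wins = sum(authenticate(password, rng.choice, rng, rounds=rounds)
               for _ in range(trials))
    return wins / trials

if __name__ == "__main__":
    m1, m2 = p_guess_password(), p_pass_challenges()
    level = max(m1, m2)  # Alice's verdict: the higher success chance
    print(f"Method 1: {float(m1):.3e}  Method 2: {float(m2):.3e}")
    print(f"Effective strength: {-log2(level):.1f} bits")
    print(f"Within {LOCKOUT} attempts: {float(p_online(level)):.3e}")
    print(f"Simulated 5-round login: {simulate_blind_guesser(5, 20000):.4f} vs {1/32:.4f}")
```

The password space is about 5.4 × 10^20 sets, but the login only ever tests 20 binary choices, so the challenge protocol rather than the password space sets the security level.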
