Answered step by step
Verified Expert Solution
Question
00
1 Approved Answer
The Passfaces based password system was described during lectures. Consider a Passfaces system with a database of faces containing 100 entries in total. A user
The Passfaces based password system was described during lectures. Consider a Passfaces system with a database of faces containing 100 entries in total. A user of this system is given a set of 5 randomly chosen passfaces from the database to memorize as their password. During verification, a user is presented with 5 challenges. In each challenge the user is shown a 3 x 3 matrix of faces. Each matrix includes one passface from the user's password set, and also 8 decoy faces chosen randomly from the remaining 95 entries in the database. In each challenge the user is asked to identify the passface from their password set. If the user passes each challenge, the user is authenticated. Q1.1 Assuming the face database is public, what is the entropy of the passwords? Q1.2 What is the probability of an adversary guessing the password of a selected user? Q1.3 Would the security increase if the database was not public? Justify your answer Q1.4 What is the probability of an adversary guessing the password if the system allows one incorrectly answered challenge? Q1.5 Describe two attacks that are more effective in Passfaces compared to traditional password systems. You may assume the attacker has access to a verification terminal (Passfaces, or password system) that blocks an account after 3 unsuccessful attempts. The Passfaces based password system was described during lectures. Consider a Passfaces system with a database of faces containing 100 entries in total. A user of this system is given a set of 5 randomly chosen passfaces from the database to memorize as their password. During verification, a user is presented with 5 challenges. In each challenge the user is shown a 3 x 3 matrix of faces. Each matrix includes one passface from the user's password set, and also 8 decoy faces chosen randomly from the remaining 95 entries in the database. In each challenge the user is asked to identify the passface from their password set. If the user passes each challenge, the user is authenticated. Q1.1 Assuming the face database is public, what is the entropy of the passwords? Q1.2 What is the probability of an adversary guessing the password of a selected user? Q1.3 Would the security increase if the database was not public? Justify your answer Q1.4 What is the probability of an adversary guessing the password if the system allows one incorrectly answered challenge? Q1.5 Describe two attacks that are more effective in Passfaces compared to traditional password systems. You may assume the attacker has access to a verification terminal (Passfaces, or password system) that blocks an account after 3 unsuccessful attempts
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access with AI-Powered Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started