Trustee-based social authentication has attracted increasing attentions and has been shown to be a promising backup authentication mechanism . Specifically, a user’s security in trustee-based social authentications relies on the security of his or her trustees; if all trustees of a user are already compromised, then the attacker can also compromise him or her because the attacker can easily obtain the verification codes from the compromised trustees. In this abstract, we provide the first systematic study about the security of trustee-based social authentications. In particular, we first introduce a novel framework of attacks, which we call forest fire attacks. In these attacks, an attacker initially obtains a small number of compromised users, and then the attacker iteratively attacks the rest of users by exploiting trustee-based social authentications. Then, we construct a probabilistic model to formalize the threats of forest fire attacks and their costs for attackers. Moreover, we introduce various defense strategies. Finally, we apply our framework to extensively evaluate various concrete attack and defense strategies using three real-world social network datasets. Our results have strong implications for the design of more secure trustee-based social authentications.
You are here: / / SECURITY OF TRUSTEE-BASED SOCIAL AUTHENTICATIONS AGAINST FOREST FIRE ATTACK