An increasingly common mechanism is to ask for several pieces of security information rather than one. A call center might ask not just for your mother's maiden name, a password, and the amount of your last purchase, but also your dog's nickname and your favorite color. Such schemes need careful evaluation of their usability and effectiveness using the tools of applied psychology. Design such a password protocol and evaluate its usability and effectiveness. (A verbal text description is enough.)
Below is a FULL draft of your assignment and you should now have the tools to do great. I hope that you are happy with my dedication to your work! :-)
Please be advised that the text of this work may be copy-protected©, but may be used as a good comprehensive sample or guide to aid you in customizing your assignment. Multiple links have been provided to assist you. Please be sure to cite the references listed herein.
Thanks and Good luck!
Designing a password protocol involves asking for several pieces of security information rather than one via a unique psychological scheme. CS at Stanford notes that "Password authentication protocols come in many flavors, but they all solve the same problem: One party must somehow prove to another party that it knows some password P, usually set in advance.
To design such protocols, your questions would range from the trivial to the incredibly complex, and should offer some form of protection from various attacks mounted by malicious or excessively curious third parties.
All your methods or questions of human authentication would fall into these three broad categories:
* Something the user is (voiceprint identification, retinal scanners)
* Something the user has (ID cards, smartcards)
* Something the user knows (passwords, PINs)
Designing a verifier-based protocol is considerably more difficult than designing a conventional shared-secret authentication protocol, because the verifier and password are by definition not equivalent (though the former may be derived from the latter), forcing the computational structure of the protocol to be inherently asymmetric." Link: http://www-cs-students.stanford.edu/~tjw/srp/ndss.html
The next ...
The solution designs a password protocol and evaluates its usability and effectiveness.
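An added example, not part of the original solution: one way a call-center back end could store and check the answers in a multi-question scheme like the one in the exercise, keeping only salted verifiers derived from each answer (a plain salted slow hash, not SRP). The policy values (4 questions asked, 3 required, lockout after 3 failed calls), the function names, the "first school" question and the sample answers are assumptions.

```python
import hashlib, hmac, os, secrets, unicodedata

ASKED, THRESHOLD, MAX_FAILURES = 4, 3, 3   # assumed policy values, not from the page

def normalize(answer: str) -> bytes:
    """Fold case, Unicode form and spacing so a spoken ' BLUE ' matches 'Blue'."""
    text = unicodedata.normalize("NFKD", answer).casefold()
    return " ".join(text.split()).encode("utf-8")

def make_verifier(answer: str, salt: bytes) -> bytes:
    # Salted, slow hash: the stored value is derived from the answer but is not
    # the answer, so an agent or a database thief cannot simply read it back.
    return hashlib.pbkdf2_hmac("sha256", normalize(answer), salt, 100_000)

def enroll(answers: dict) -> dict:
    record = {"failures": 0, "questions": {}}
    for question, answer in answers.items():
        salt = os.urandom(16)
        record["questions"][question] = (salt, make_verifier(answer, salt))
    return record

def pick_challenge(record: dict) -> list:
    # Random subset, so one overheard call does not expose every question.
    return secrets.SystemRandom().sample(sorted(record["questions"]), ASKED)

def verify_call(record: dict, challenge: list, responses: dict) -> bool:
    if record["failures"] >= MAX_FAILURES:
        return False                      # locked: needs out-of-band recovery
    correct = 0
    for question in challenge:            # only the questions actually asked count
        salt, verifier = record["questions"][question]
        candidate = make_verifier(responses.get(question, ""), salt)
        correct += hmac.compare_digest(candidate, verifier)
    ok = correct >= THRESHOLD             # one forgotten answer is tolerated
    record["failures"] = 0 if ok else record["failures"] + 1
    return ok                             # never reports which answer was wrong

# Constructed sample answers for demonstration only.
SAMPLE = {"mother's maiden name": "Okafor", "dog's nickname": "Biscuit",
          "favorite color": "Blue", "last purchase amount": "42.50",
          "first school": "Hillside Primary"}
```

Raising `THRESHOLD` toward `ASKED` trades usability for effectiveness: fewer legitimate callers pass after forgetting one answer, and an impostor who has researched some answers needs more of them.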