On the Security and Usability of Segment-based Visual Cryptographic Authentication Protocols
Tianhao Wang, Huangyi Ge, Omar Chowdhury, H. K. Maji, Ninghui Li
Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, published 2016-10-24
DOI: 10.1145/2976749.2978417 (https://doi.org/10.1145/2976749.2978417)
Citations: 3
Abstract
Visual cryptography has been applied to design human computable authentication protocols. In such a protocol, the user and the server share a secret key in the form of an image printed on a transparent medium, which the user superimposes on server-generated image challenges, and visually decodes a response code from the image. An example of such protocols is PassWindow, an award-winning commercial product. We study the security and usability of segment-based visual cryptographic authentication protocols (SVAPs), which include PassWindow as a special case. In SVAP, the images consist of segments and are thus structured. Our overall findings are negative. We introduce two attacks that together are able to break all SVAPs we considered in the paper. Furthermore, our attacks exploit fundamental weaknesses of SVAPs that appear difficult to fix. We have also evaluated the usability of different SVAPs, and found that the protocol that offers the best security has the poorest usability.