Human Identification Through Image Evaluation Using Secret Predicates
The task of developing protocols for humans to securely authenticate themselves to a remote server has been an interesting topic in cryptography as a replacement for the traditional, less secure, password based systems. The protocols proposed in literature are based on some underlying difficult mathematical problem, which are tuned so as to make them easily computable by humans. As a result these protocols are easily broken when desired to be efficiently executable. We present a Human Identification Protocol based on the ability of humans to efficiently process an image given a secret predicate. It is a challenge-response protocol in which a subset of images presented satisfies a secret predicate shared by the challenger and the user. We conjecture that it is hard to guess this secret predicate for adversaries, both humans and programs. It can be efficiently executed by humans with the knowledge of the secret which in turn is easily memorable and replaceable. We prove the security of the protocol separately for human adversaries and programs based on two separate assumptions and justify these assumptions with the help of an example implementation.
KeywordsSecret Image Function Family Auxiliary Input Oracle Query Passive Adversary
Unable to display preview. Download preview PDF.
- 1.Matsumoto, T., Imai, H.: Human Identification through Insecure Channel. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 409–421. Springer, Heidelberg (1991)Google Scholar
- 2.Wang, C.H., Hwang, T., Tsai, J.J.: On the Matsumoto and Imai’s Human Identification Scheme. In: Guillou, L.C., Quisquater, J.-J. (eds.) EUROCRYPT 1995. LNCS, vol. 921, pp. 382–392. Springer, Heidelberg (1995)Google Scholar
- 7.Li, S., Shum, H.-Y.: Secure Human-computer identification against Peeping Attacks (SecHCI): A Survey. Unpublished report, available at Elsevier’s Computer Science Preprint Server (2002)Google Scholar
- 8.Dhamija, R., Perrig, A.: Deja Vu: A user study using images for authentication. In: Proc. of the 9th USENIX Security Symposium, pp. 45–58 (2000)Google Scholar
- 9.ID Arts Inc: Passfaces - the Art of Identification. Visit: http://www.idarts.com
- 10.Sorensen, V.: PassPic - Visual Password Management. Visit: http://www.authord.com/
- 11.The CAPTCHA project: ESP-PIX. Visit, http://www.captcha.net/
- 12.Weinshall, D.: Cognitive Authentication Schemes Safe Against Spyware (Short Paper). In: 2006 IEEE Symposium on Security and Privacy, pp. 295–300 (2006)Google Scholar
- 13.Golle, P., Wagner, D.: Cryptanalysis of a Cognitive Authentication Scheme. Cryptology ePrint Archive, Report 2006/258, http://eprint.iacr.org/