Go to CCS 2016 homepageOn the Security and Usability of Segment-based Visual Cryptographic Authentication Protocols
Abstract: Visual cryptography has been applied to design human computable authentication protocols. In such a protocol, the user and the server share a secret key in the form of an image printed on a transparent medium, which the user superimposes on server-generated image challenges, and visually decodes a response code from the image. An example of such protocols is PassWindow, an award-winning commercial product. We study the security and usability of segment-based visual cryptographic authentication protocols (SVAPs), which include PassWindow as a special case. In SVAP, the images consist of segments and are thus structured. Our overall findings are negative. We introduce two attacks that together are able to break all SVAPs we considered in the paper. Furthermore, our attacks exploit fundamental weaknesses of SVAPs that appear difficult to fix. We have also evaluated the usability of different SVAPs, and found that the protocol that offers the best security has the poorest usability.
0 Replies
Loading