Skip to main content
Springer Nature Link
Log in

Cryptanalysis of the Convex Hull Click Human Identification Protocol

  • Conference paper
Information Security (ISC 2010)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 6531))

Included in the following conference series:

Abstract

Recently a convex hull based human identification protocol was proposed by Sobrado and Birget, whose steps can be performed by humans without additional aid. The main part of the protocol involves the user mentally forming a convex hull of secret icons in a set of graphical icons and then clicking randomly within this convex hull. In this paper we show two efficient probabilistic attacks on this protocol which reveal the user’s secret after the observation of only a handful of authentication sessions. We show that while the first attack can be mitigated through appropriately chosen values of system parameters, the second attack succeeds with a non-negligible probability even with large system parameter values which cross the threshold of usability.

The full edition of this paper is available at http://eprint.iacr.org/2010/478 .

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Sobrado, L., Birget, J.C.: Graphical Passwords. The Rutgers Scholar 4 (2002)

    Google Scholar 

  2. Zhao, H., Li, X.: S3PAS: A Scalable Shoulder-Surfing Resistant Textual-Graphical. In: AINAW 2007, pp. 467–472. IEEE Computer Society, Los Alamitos (2007)

    Google Scholar 

  3. Wiedenbeck, S., Waters, J., Sobrado, L., Birget, J.C.: Design and Evaluation of a Shoulder-Surfing Resistant Graphical Password Scheme. In: AVI 2006, pp. 177–184. ACM, New York (2006)

    Google Scholar 

  4. Matsumoto, T., Imai, H.: Human Identification through Insecure Channel. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 409–421. Springer, Heidelberg (1991)

    Chapter  Google Scholar 

  5. Wang, C.H., Hwang, T., Tsai, J.J.: On the Matsumoto and Imai’s Human Identification Scheme. In: Guillou, L.C., Quisquater, J.-J. (eds.) EUROCRYPT 1995. LNCS, vol. 921, pp. 382–392. Springer, Heidelberg (1995)

    Chapter  Google Scholar 

  6. Matsumoto, T.: Human-Computer Cryptography: An Attempt. In: CCS 1996, pp. 68–75. ACM, New York (1996)

    Google Scholar 

  7. Li, S., Shum, H.Y.: Secure Human-Computer Identification against Peeping Attacks (SecHCI): A Survey. Technical report (2003)

    Google Scholar 

  8. Hopper, N.J., Blum, M.: Secure Human Identification Protocols. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 52–66. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  9. Weinshall, D.: Cognitive Authentication Schemes Safe Against Spyware (Short Paper). In: SP 2006, pp. 295–300. IEEE Computer Society, Los Alamitos (2006)

    Google Scholar 

  10. Bai, X., Gu, W., Chellappan, S., Wang, X., Xuan, D., Ma, B.: PAS: Predicate-based Authentication Services against Powerful Passive Adversaries. In: ACSAC 2008, pp. 433–442. IEEE Computer Society, Los Alamitos (2008)

    Google Scholar 

  11. Lei, M., Xiao, Y., Vrbsky, S.V., Li, C.C.: Virtual password using random linear functions for on-line services, ATM machines, and pervasive computing. Computer Communications 31, 4367–4375 (2008)

    Article  Google Scholar 

  12. Golle, P., Wagner, D.: Cryptanalysis of a Cognitive Authentication Scheme (Extended Abstract). In: SP 2007, pp. 66–70. IEEE Computer Society, Los Alamitos (2007)

    Google Scholar 

  13. Li, S., Asghar, H.J., Pieprzyk, J., Sadeghi, A.R., Schmitz, R., Wang, H.: On the Security of PAS (Predicate-based Authentication Service). In: ACSAC 2009, pp. 209–218. IEEE Computer Society, Los Alamitos (2009)

    Google Scholar 

  14. Li, S., Khayam, S.A., Sadeghi, A.R., Schmitz, R.: Breaking Randomized Linear Generation Functions based Virtual Password System. To appear in ICC 2010 (2010)

    Google Scholar 

  15. Li, X.Y., Teng, S.H.: Practical Human-Machine Identification over Insecure Channels. Journal of Combinatorial Optimization 3, 347–361 (1999)

    Article  MathSciNet  MATH  Google Scholar 

  16. Jameel, H., Shaikh, R., Lee, H., Lee, S.: Human Identification Through Image Evaluation Using Secret Predicates. In: Abe, M. (ed.) CT-RSA 2007. LNCS, vol. 4377, pp. 67–84. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  17. Jameel, H., Shaikh, R.A., Hung, L.X., Wei Wei, Y., Raazi, S.M.K., Canh, N.T., Lee, S., Lee, H., Son, Y., Fernandes, M.: Image-Feature Based Human Identification Protocols on Limited Display Devices. In: Chung, K.-I., Sohn, K., Yung, M. (eds.) WISA 2008. LNCS, vol. 5379, pp. 211–224. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  18. Asghar, H.J., Pieprzyk, J., Wang, H.: A New Human Identification Protocol and Coppersmith’s Baby-Step Giant-Step Algorithm. In: Zhou, J., Yung, M. (eds.) ACNS 2010. LNCS, vol. 6123, pp. 349–366. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Center for Advanced Computing, Algorithms and Cryptography, Department of Computing, Faculty of Science, Macquarie University, Sydney, NSW, 2109, Australia

    Hassan Jameel Asghar, Josef Pieprzyk & Huaxiong Wang

  2. Department of Computer and Information Science, University of Konstanz, Mailbox 697, Universitätsstraße 10, Konstanz, 78457, Germany

    Shujun Li

  3. Division of Mathematical Sciences, School of Physical & Mathematical Sciences, Nanyang Technological University, 50 Nanyang Avenue, 639798, Singapore

    Huaxiong Wang

Authors
  1. Hassan Jameel Asghar
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Shujun Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Josef Pieprzyk
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Huaxiong Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Center for Security and Assurance in IT (C-SAIT), Department of Computer Science, Florida State University, 32306-4530, Tallahassee, FL, USA

    Mike Burmester

  2. Department of Computer Science, University of California, Irvine, 92697-3425, CA, USA

    Gene Tsudik

  3. Center for Cryptology and Information Security (CCIS), Department of Mathematical Sciences, Florida Atlantic University, 33431-0991, Boca Raton, FL, USA

    Spyros Magliveras

  4. Mathematical Sciences Department, Florida Atlantic University, 33431-0991, Boca Raton, FL, USA

    Ivana Ilić

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Asghar, H.J., Li, S., Pieprzyk, J., Wang, H. (2011). Cryptanalysis of the Convex Hull Click Human Identification Protocol. In: Burmester, M., Tsudik, G., Magliveras, S., Ilić, I. (eds) Information Security. ISC 2010. Lecture Notes in Computer Science, vol 6531. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-18178-8_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-18178-8_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-18177-1

  • Online ISBN: 978-3-642-18178-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics