Enhanced password processing scheme based on visual cryptography and OCR

Traditional password conversion scheme for user authentication is to transform the passwords into hash values. These hash-based password schemes are comparatively simple and fast because those are based on text and famed cryptography. However, those can be exposed to cyber-attacks utilizing password by cracking tool or hash-cracking online sites. Attackers can thoroughly figure out an original password from hash value when that is relatively simple and plain. As a result, many hacking accidents have been happened predominantly in systems adopting those hash-based schemes. In this work, we suggest enhanced password processing scheme based on image using visual cryptography (VC). Different from the traditional scheme based on hash and text, our scheme transforms a user ID of text type to two images encrypted by VC. The user should make two images consisted of subpixels by random function with SEED which includes personal information. The server only has user's ID and one of the images instead of password. When the user logs in and sends another image, the server can extract ID by utilizing OCR (Optical Character Recognition). As a result, it can authenticate user by comparing extracted ID with the saved one. Our proposal has lower computation, prevents cyber-attack aimed at hash-cracking, and supports authentication not to expose personal information such as ID to attackers.

[1]  P. Gauravaram,et al.  Security Analysis of salt||password Hashes , 2012, 2012 International Conference on Advanced Computer Science Applications and Technologies (ACSAT).

[2]  Jason Wittenberg,et al.  Clarify: Software for Interpreting and Presenting Statistical Results , 2003 .

[3]  Edward W. Felten,et al.  Password management strategies for online accounts , 2006, SOUPS '06.

[4]  Ching Y. Suen,et al.  Historical review of OCR research and development , 1992, Proc. IEEE.

[5]  Rose Holley,et al.  How Good Can It Get? Analysing and Improving OCR Accuracy in Large Scale Historic Newspaper Digitisation Programs , 2009, D Lib Mag..

[6]  Yue Li,et al.  Amnesia: A Bilateral Generative Password Manager , 2016, 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS).

[7]  Dana Yang,et al.  Mutual authentication based on visual cryptography and OCR for secure IoT service , 2019 .

[8]  Quang Uy Nguyen,et al.  An analysis of Persuasive Text Passwords , 2015, 2015 2nd National Foundation for Science and Technology Development Conference on Information and Computer Science (NICS).

[9]  Moni Naor,et al.  Visual Cryptography , 1994, Encyclopedia of Multimedia.

[10]  Chirag I. Patel,et al.  Optical Character Recognition by Open source OCR Tool Tesseract: A Case Study , 2012 .

[11]  L. Tam,et al.  The psychology of password management: a tradeoff between security and convenience , 2010, Behav. Inf. Technol..