Even or Odd: A Simple Graphical Authentication System

Many portable devices need a simple authentication system to protect them from being used by an unauthenticated person such as a thief. The security of traditional methods such as PIN codes or passwords is limited by shoulder surfing, in which a casual or intentional observer watches an authentication session and derives all the information necessary for authentication. Graphical authentication systems have been developed to forestall this attack. We present here an especially simple variant of a graphical authentication system based on the capacity of humans to recognize faces well. In our challenge-response scheme, a user is presented with a row of typically three faces and needs to decide whether the number of “friends” is even or odd. We present an analysis of the security and usability of this scheme.
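One way to implement the verifier side of the even/odd challenge described above, as an added example that is not code from the paper. The face identifiers, the coin-flip parity balancing and the choice to always run every round are assumptions made here; `rounds_needed` goes beyond the abstract and computes how many consecutive rounds keep blind guessing below a chosen probability.

```python
import math
import secrets

_rng = secrets.SystemRandom()  # CSPRNG, so challenges are not predictable

# Constructed sample data: identifiers stand in for face images (assumption).
FRIENDS = {"f01", "f02", "f03", "f04"}
STRANGERS = {"s01", "s02", "s03", "s04", "s05", "s06"}

def make_challenge(friends, strangers, row_len=3):
    """Build one row of faces.

    Assumption: a fair coin picks the parity first, so "even" and "odd"
    are equally likely and always answering one of them gains nothing.
    """
    parity = _rng.randrange(2)
    n_friends = _rng.choice([n for n in range(row_len + 1) if n % 2 == parity])
    row = _rng.sample(sorted(friends), n_friends)
    row += _rng.sample(sorted(strangers), row_len - n_friends)
    _rng.shuffle(row)  # position must not reveal which faces are friends
    return row

def expected_answer(row, friends):
    """Correct response for a row: parity of the number of friends shown."""
    return "odd" if sum(face in friends for face in row) % 2 else "even"

def run_session(friends, strangers, rounds, respond):
    """Accept only if every round is answered correctly.

    All rounds are always played, so a failed login does not show
    which response was the wrong one (design assumption).
    """
    ok = True
    for _ in range(rounds):
        row = make_challenge(friends, strangers)
        ok &= respond(row) == expected_answer(row, friends)
    return ok

def rounds_needed(max_guess_probability):
    """Smallest number of rounds with 2**-rounds <= max_guess_probability."""
    return math.ceil(math.log2(1 / max_guess_probability))

if __name__ == "__main__":
    legit = lambda row: expected_answer(row, FRIENDS)
    n = rounds_needed(1e-4)
    print(n, "rounds; legitimate user accepted:",
          run_session(FRIENDS, STRANGERS, n, legit))
```

Each binary answer gives a blind guesser a 1/2 chance per round, which is why a single row is never enough and the round count is the parameter to tune against usability.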
