2016 Symposium Posters

Posters > 2016

Symbol-Based Visual Cryptographic Authentication Mechanisms: Attacks and New Constructions


PDF

Primary Investigator:
Ninghui Li

Project Members
Huangyi Ge, Tianhao Wang, Omar Chowdhury, Hemanta Maji, Ninghui Li
Abstract
Visual cryptography (VC) can potentially create user-friendly second-factor authentication mechanisms without relying on any additional computing device. We study the security of Symbol-based VC Authentication Mechanisms (SVAM). In an SVAM scheme, the user and the server share a secret key in the form an image printed on a transparent card, which the user super- imposes on server-generated image challenges, and visually decodes symbols to obtain a valid response code during an authentication session. We develop generic attack against SVAM schemes. Security analysis of a commercial SVAM instance, PassWindow, reveals severe weaknesses that enable an adversary to guess the response of a server challenge with high success probability. Finally, based on insights gained through breaking and improving existing SVAM schemes, we propose improvements that provide substantial security over known attacks.