2016 Symposium Posters

Posters > 2016

Symbol-Based Visual Cryptographic Authentication Mechanisms: Attacks and New Constructions


Primary Investigator:
Ninghui Li

Project Members
Huangyi Ge, Tianhao Wang, Omar Chowdhury, Hemanta Maji, Ninghui Li
Visual cryptography (VC) can potentially create user-friendly second-factor authentication mechanisms without relying on any additional computing device. We study the security of Symbol-based VC Authentication Mechanisms (SVAM). In an SVAM scheme, the user and the server share a secret key in the form an image printed on a transparent card, which the user super- imposes on server-generated image challenges, and visually decodes symbols to obtain a valid response code during an authentication session. We develop generic attack against SVAM schemes. Security analysis of a commercial SVAM instance, PassWindow, reveals severe weaknesses that enable an adversary to guess the response of a server challenge with high success probability. Finally, based on insights gained through breaking and improving existing SVAM schemes, we propose improvements that provide substantial security over known attacks.

Our annual information security symposium will take place on April 3rd and 4th, 2018.
Purdue University, West Lafayette, IN