Recently a convex hull based human identification protocol was proposed by Sobrado and Birget, whose steps can be performed by humans without additional aid. The main part of the protocol involves the user mentally forming a convex hull of secret icons in a set of graphical icons and then clicking randomly within this convex hull. In this paper we show two efficient probabilistic attacks on this protocol which reveal the user's secret after the observation of only a handful of authentication sessions. We show that while the first attack can be mitigated through appropriately chosen values of system parameters, the second attack succeeds with a non-negligible probability even with large system parameter values which cross the threshold of usability.
展开▼
机译:最近,Sobrado和Birget提出了一种基于凸壳的人体识别协议,其步骤可以通过人类进行而无需额外援助。该协议的主要部分涉及用户在一组图形图标中精神形成秘密图标的凸壳,然后在该凸壳内随机单击。在本文中,我们对这一协议显示了两个有效的概率攻击,在观察少数验证会话后揭示了用户的秘密。 We show that while the first attack can be mitigated through appropriately chosen values of system parameters, the second attack succeeds with a non-negligible probability even with large system parameter values which cross the threshold of usability.
展开▼