Paper 2010/478

Cryptanalysis of the Convex Hull Click Human Identification Protocol

Hassan Jameel Asghar, Shujun Li, Josef Pieprzyk, and Huaxiong Wang

Abstract

Recently a convex hull based human identification protocol was proposed by Sobrado and Birget, whose steps can be performed by humans without additional aid. The main part of the protocol involves the user mentally forming a convex hull of secret icons in a set of graphical icons and then clicking randomly within this convex hull. While some rudimentary security issues of this protocol have been discussed, a comprehensive security analysis has been lacking. In this paper we analyse the security of this convex hull based protocol. In particular, we show two probabilistic attacks which reveal the user's secret after the observation of only a handful of authentication sessions. These attacks can be efficiently implemented, as their time and space complexities are considerably lower than those of a brute force attack. We show that while the first attack can be mitigated through appropriately chosen values of system parameters, the second attack succeeds with a non-negligible probability even with large system parameter values which cross the threshold of usability.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. A short paper with the same title is to appear in the proceedings of the Information Security Conference (ISC) 2010. This is the full version of the paper.
Keywords
Human Identification Protocols, Observer Attack, Entity Authentication
Contact author(s)
hassan jameel @ gmail com
History
2010-09-12: received
Short URL
https://ia.cr/2010/478
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2010/478,
      author = {Hassan Jameel Asghar and Shujun Li and Josef Pieprzyk and Huaxiong Wang},
      title = {Cryptanalysis of the Convex Hull Click Human Identification Protocol},
      howpublished = {Cryptology {ePrint} Archive, Paper 2010/478},
      year = {2010},
      url = {https://eprint.iacr.org/2010/478}
}