Developing and Testing a Visual Hash Scheme

AutorOlembo, Maina; Stockhardt, Simon; Hülsing, Andreas; Volkamer, Melanie
ArtConference Proceedings
AbstraktUsers find comparing long meaningless strings of alphanumeric characters difficult, yet they have to carry out this task when comparing cryptographic hash values for https certificates and PGP keys, or in the context of electronic voting. Visual hashes - where users compare images rather than strings - have been proposed as an alternative. With the visual hashes available in literature, however, people are unable to sufficiently distinguish more than 30 bits. Obviously, this does not provide adequate security against collision attacks. Our goal is to improve the situation: a visual hash scheme was developed, evaluated through pilot user studies and improved iteratively, leading to CLPS, which encodes 60 distinguishable bits using Colours, Patterns and Shapes. In the final user study, participants attained an average accuracy rate of 97% when comparing two visual hash images, with one placed above the other. CLPS was further tested in two follow-up studies, simulating https certificate validation and verifying in remote electronic voting. The results of this work and their implications for practical applications of visual hash schemes are discussed.
InEuropean Information Security Multi-Conference (EISMC 2013), p.91-100