Adrian Perrig
Adrian_Perrig@cs.cmu.edu
-
Dawn Song
Dawn_Song@cs.cmu.edu
-
Current security systems suffer from the fact that they fail to account for
human factors. This paper considers two human limitations: First, people are
slow and unreliable when comparing meaningless strings; and second, people
have difficulties in remembering secure passwords or PINs. We identify two
applications where these human factors negatively affect security: Validation
of root keys in public-key infrastructures, and user authentication. Our
approach to improve the security of these systems is to use hash
visualization, a technique which replaces meaningless strings with structured
images. We examine the requirements of such a system and propose the
prototypical solution Random Art. We also show how to apply hash visualization
to improve the real-world security of root key validation and user
authentication.
Keywords: Human factors in security, hash
visualization, user authentication through image recognition, root key
validation.
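The idea of hash visualization summarized in the abstract, as an added example that is not code from the paper: a key's SHA-256 digest seeds a generator that builds a random expression over (x, y), which is rendered as a small structured ASCII image. This is a simplified scheme chosen for illustration and not the paper's Random Art algorithm, which the abstract does not describe; `visualize`, `PALETTE`, `DEPTH`, `KEY_A` and `KEY_B` are assumed names with constructed values.

```python
import hashlib
import math
import random

PALETTE = " .:-=+*#%@"  # constructed 10-level intensity ramp
DEPTH = 6               # maximum nesting of the generated expression
# Constructed sample inputs standing in for two root keys (not real keys).
KEY_A = b"constructed-root-key-A"
KEY_B = b"constructed-root-key-B"

def _build(rng, depth):
    """Build a random expression over (x, y) as nested tuples; the root is never a leaf."""
    if depth == 0 or (depth < DEPTH and rng.random() < 0.15):
        return (rng.choice("xy"),)
    op = rng.choice(("sin", "cos", "mul", "avg"))
    if op in ("sin", "cos"):
        return (op, rng.uniform(1.0, 4.0), _build(rng, depth - 1))
    return (op, _build(rng, depth - 1), _build(rng, depth - 1))

def _eval(node, x, y):
    """Evaluate the expression; every operator maps [-1, 1] into [-1, 1]."""
    op = node[0]
    if op in ("x", "y"):
        return x if op == "x" else y
    if op in ("sin", "cos"):
        f = math.sin if op == "sin" else math.cos
        return f(math.pi * node[1] * _eval(node[2], x, y))
    a, b = _eval(node[1], x, y), _eval(node[2], x, y)
    return a * b if op == "mul" else (a + b) / 2.0

def visualize(data: bytes, width: int = 32, height: int = 16) -> str:
    """Return a deterministic ASCII image derived from SHA-256(data)."""
    seed = int.from_bytes(hashlib.sha256(data).digest(), "big")
    # Both parties must use the same generator; a real scheme would specify one exactly.
    tree = _build(random.Random(seed), DEPTH)
    rows = []
    for j in range(height):
        y = 2.0 * j / (height - 1) - 1.0
        row = ""
        for i in range(width):
            x = 2.0 * i / (width - 1) - 1.0
            v = (_eval(tree, x, y) + 1.0) / 2.0  # rescale to [0, 1]
            row += PALETTE[min(int(v * len(PALETTE)), len(PALETTE) - 1)]
        rows.append(row)
    return "\n".join(rows)

if __name__ == "__main__":
    print(visualize(KEY_A), visualize(KEY_B), sep="\n\n")
```

The image is only as strong as the digest behind it: the rendering adds no entropy, it changes what the human is asked to compare.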