[Download postscript version]
next up previous
Next: Introduction

Hash Visualization: a New Technique
to Improve Real-World Security

Adrian Perriggif
Adrian_Perrig@cs.cmu.edu - Dawn Song
Dawn_Song@cs.cmu.edu -
Computer Science Department
Carnegie Mellon University
5000 Forbes Avenue
Pittsburgh, PA 15213


Current security systems suffer from the fact that they fail to account for human factors. This paper considers two human limitations: First, people are slow and unreliable when comparing meaningless strings; and second, people have difficulties in remembering secure passwords or PINs. We identify two applications where these human factors negatively affect security: Validation of root keys in public-key infrastructures, and user authentication. Our approach to improve the security of these systems is to use hash visualization, a technique which replaces meaningless strings with structured images. We examine the requirements of such a system and propose the prototypical solution Random Art. We also show how to apply hash visualization to improve the real-world security of root key validation and user authentication.
Keywords: Human factors in security, hash visualization, user authentication through image recognition, root key validation.

next up previous
Next: Introduction

Adrian Perrig
Wed Sep 15 15:31:30 PDT 1999