Next: Acknowledgments Up: Hash Visualization: a New Previous: Hash visualization requirements

Conclusion and Future Work


Current security schemes fail to be secure in the real world because they do not account for human factors. We show how one human limitation degrades security: people find it difficult to compare or memorize meaningless strings or numbers.

By analyzing two real-world security problems, we show that their security can be improved by taking human factors into account in the system design. We propose to overcome human limitations by replacing strings with structured images.

The two security schemes we analyze are the validation of root keys and user authentication. In the current system for verifying the validity of a root key, users compare the fingerprint of the root key on their computer with a reference fingerprint distributed over another channel, for example printed in a newspaper. Since this comparison presents many problems, we propose to transform the root key into an image. In this setting, a user verifies validity by comparing two images: one printed in the newspaper and the other shown on the computer monitor.

In user authentication, people have problems memorizing numbers or passwords. Therefore we propose to replace authentication through string memorization with authentication through image recognition, under the assumption that image recognition is easier than exact string recall. Our authentication procedure works in the following way. Every user knows a small number of images, the image portfolio. In the authentication process, the user is presented with a number of images, and he or she marks the ones that belong to the portfolio. This scheme has an additional advantage over other authentication schemes: due to the structure of the images, they can hardly be written down or "explained" to another person.
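As an added illustration (not code from the paper), a small Python model of the image-portfolio authentication described above: image identifiers are seeds derived by hashing, so equal inputs always yield the same picture; a challenge mixes portfolio images with decoys in random order, and the verifier accepts only the exact portfolio subset. The portfolio sizes, the decoy pool and the combinatorial guessing estimate are assumptions for this example, not figures from the paper.

```python
import hashlib
import random
from math import comb


def image_seed(data: bytes) -> str:
    """Derive a seed for a deterministic image generator (such as Random Art).
    Equal fingerprints give equal seeds, hence equal pictures, so comparing the
    printed picture with the displayed one compares the underlying key hashes."""
    return hashlib.sha256(data).hexdigest()[:16]


def make_challenge(portfolio, decoys, shown, from_portfolio, seed=None):
    """Build one authentication screen: `shown` image seeds in random order,
    of which exactly `from_portfolio` belong to the user's portfolio.
    `seed` pins the order for reproducible tests; real use leaves it None."""
    if from_portfolio > len(portfolio) or shown - from_portfolio > len(decoys - portfolio):
        raise ValueError("not enough images to fill the screen")
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    screen = rng.sample(sorted(portfolio), from_portfolio)
    screen += rng.sample(sorted(decoys - portfolio), shown - from_portfolio)
    rng.shuffle(screen)
    return screen


def verify(portfolio, screen, marked):
    """Accept only when the user marked exactly the portfolio images on screen:
    a missed portfolio image or a marked decoy both reject."""
    expected = {s for s in screen if s in portfolio}
    return set(marked) == expected


def guess_probability(shown, from_portfolio):
    """Chance that someone who does not know the portfolio marks the right
    subset on one screen (assumes they know how many images to mark)."""
    return 1 / comb(shown, from_portfolio)


if __name__ == "__main__":
    # Constructed sample data: a user's portfolio and a pool of decoy images.
    portfolio = {image_seed(b"user-image-%d" % i) for i in range(4)}
    decoys = {image_seed(b"decoy-image-%d" % i) for i in range(20)}
    screen = make_challenge(portfolio, decoys, shown=9, from_portfolio=3)
    marked = [s for s in screen if s in portfolio]  # an honest user's selection
    print("accepted:", verify(portfolio, screen, marked))
    print("guess chance per screen: 1/%d" % comb(9, 3))
```

Each screen is one independent challenge, so the per-screen guessing chance multiplies across the screens an authentication session requires.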

Since the results presented in this paper are our early findings, much work remains before these methods can be deployed in practice. First, we need to strengthen the Random Art algorithm for this application, in the directions we have pointed out. We then need to evaluate in a user study how many perceptually different images can be generated. We also need to analyze how people react to the images, and to verify how easy they are to remember for different people. Another interesting approach we are considering is to generate a recognizable image, such as a landscape or a city view. The rationale is to create images with a meaning, which might help with long-term recognition.



Adrian Perrig
Wed Sep 15 15:31:30 PDT 1999