University of Surrey


Secure Human-Computer Identification (Interface) Systems against Peeping Attacks: SecHCI

Li, SJ and Shum, HY (2005) Secure Human-Computer Identification (Interface) Systems against Peeping Attacks: SecHCI. (Unpublished)

Available under License : See the attached licence file.



It is an interesting problem how a human can prove their identity to a trustworthy (local or remote) computer with untrustworthy input devices and via an insecure channel controlled by adversaries. Any input devices and auxiliary devices are untrustworthy under the following assumptions: the adversaries can record humans' operations on the devices, and can access the devices to replay the recorded operations. Strictly, only the common brain intelligence is available for the human. In this paper, such an identification system is called SecHCI, an abbreviation of Secure Human-Computer Identification (or Interface). In the real world, the SecHCI problem corresponds to peeping attacks on widely used fixed passwords: an adversary can observe your password with his own eyes or with some hidden device (such as a mini-camera) when you input it on your keyboard or with your mouse. Compared with human-computer identification with the aid of trustworthy hardware devices, only a few contributions have been devoted to the design and analysis of SecHCI. The most systematic work was done recently by N. J. Hopper & M. Blum: some formal definitions are given and the feasibility is shown by several SecHCI protocols with acceptable security (but usability is not very good because of their inherent limitations). In this paper, we give a comprehensive investigation of SecHCI, from both theoretical and practical viewpoints, and with both system-oriented and user-centered methods. A user study is made to show the problems of fixed passwords, the significance of peeping attacks and some design principles of human-computer identification. All currently known SecHCI protocols and some related works (such as visual/graphical passwords and CAPTCHAs) are surveyed in detail. In addition, we also give our opinions on future research and suggest a new prototype protocol as a possible solution to this problem.

Item Type: Other
Divisions : Faculty of Engineering and Physical Sciences > Computing Science
Authors :
Li, SJ
Shum, HY
Date : 12 August 2005
Related URLs :
Depositing User : Symplectic Elements
Date Deposited : 26 Aug 2015 13:39
Last Modified : 31 Oct 2017 14:35


© The University of Surrey, Guildford, Surrey, GU2 7XH, United Kingdom.
+44 (0)1483 300800