The purpose of this study was to develop and test SCoP. Users find comparing long meaningless strings of alphanumeric characters difficult. While visual hashes – where users compare images rather than strings – have been proposed as an alternative, people are unable to sufficiently distinguish more than 30 bits, which does not provide adequate security against collision attacks. Our goal is to improve the situation.
A visual hash scheme was developed using shapes, colours, patterns and position parameters. It was evaluated in a series of pilot user studies and improved iteratively, leading to SCoP, which encodes 60 distinguishable bits. We tested SCoP further in two follow-up studies, simulating verifying in remote electronic voting and https certificate validation.
Participants attained an average accuracy rate of 97 per cent with SCoP when comparing two visual hash images, one placed above the other. From the follow-up studies, SCoP was seen to be more promising for the https certificate validation use case, with direct image comparison, while a low average accuracy rate in simulating verifiability in remote electronic voting limits its applicability in an image-recall use case.
Participants achieved high accuracy rates in unrealistic situations, where the images appeared on the screen at the same time and in the same size. Studies in more realistic situations are therefore necessary.
We identify a visual hash scheme encoding a higher number of distinguishable bits than previously reported in literature, and extend the testing to realistic scenarios.
This work was supported by CASED and Micromata. Andreas Hülsing was supported by grant no. BU 630/19-1 of the German Research Foundation (www.dfg.de).
Maina Olembo, M., Kilian, T., Stockhardt, S., Hülsing, A. and Volkamer, M. (2014), "Developing and testing SCoP – a visual hash scheme", Information Management & Computer Security, Vol. 22 No. 4, pp. 382-392. https://doi.org/10.1108/IMCS-11-2013-0082
Emerald Group Publishing Limited
Copyright © 2014, Emerald Group Publishing Limited