SecHCI is a knowledge-based identification system. In SecHCI, the secret knowledge shared between you (prover) and the computer (verifier) is not yet textual password like "intel123", it is a set of K secret objects (pass-objects). Here, "objects" can be characters, words, names of your friends, and pictures (icons, cartoon figures, human faces, and even Chinese characters). In our demonstration system, 1405 different icons randomly collected from Internet are used as candidate objects.

To prove yourself to the SecHCI system, what you should do is just to enumerate how many pass-pictures occur in MT challenges, where each challenge contains L pictures. Assume the number of pass-pictures in one challenge is S then you should tell the SecHCI system S mod 4 is "0/1" or "2/3" as a binary response. As an example, see the following table for one challenge and its right response:

Password:
Challenge:
Response:	S=4, then S mod 4=0, so you should select "0/1"

Apparently, for MT challenges, the probability of successful guess is 2^-MT. If SecHCI is used in ATM machine of banks to withdraw money, MT>=20 is enough for 6-digit banking cards and MT>=14 is enough for 4-digit banking cards. Initial tests have shown that users can identify themselves within 5 minutes when MT=20, and can do so much more quickly if they have made such responses for many times (less than 2 minutes may be possible).

In each challenge, how should SecHCI generate decoy pictures (i.e., the ones that are not your pass-pictures)? If we randomly select decoy pictures from all available pictures, an attacker can find which pictures are pass-pictures by intersection of pictures in all challenge. This problem has also been mentioned in Deja Vu system (however, no essentially effective solutions have been suggested) [4]. In SecHCI, a practical solution is used as follows: users also select N' decoy pictures from all available pictures. All challenge-pictures are only generated from the current user's K pass-pictures and N' decoy pictures.

Furthermore, if the occurrence probability of each decoy-picture is different from the probability of each pass-picture, it will be still possible for an attacker to find pass-pictures by observing the occurrence of all pictures in challenges. That is to say, balance property should be satisfied for SecHCI. To do so, the following relation should hold: KL=3N, where N=N'+K. In addition, the generation of each challenge should yield some other rules, which will be analyzed in our submission to USENIX Security Symposium 2003.

Notice: Please note that you SecHCI CANNOT provide any security against peeping attacks, if you are eavesdropped when you set or change your password and/or decoy-pictures. You SHOULD only set and change your password and/or decoy-pictures when you can ensure the security of the setting procedure, for example, for the SecHCI passwords of your banking cards, you are strongly suggested setting and changing them in the reception desks of your banks, not at your home, your office or any public space.

Tips:
1. How to determine the values of Password Length (K) and Challenge Length (L)?
The two values are determined by the balance of the desired security and usability you want in practice. 1) Security: The complexity of exhaustive attack is C(N, K)=C(KL/3, K), for default values (K=14, L=30), it is about 2^62.5 (the security of a 8-character textual password). Thus, the larger C(KL/3, K) is, the better security will be. 2) Usability: The larger L is, the more challenge-pictures will be displayed in a web page, the more slowly you make right responses, and you will commit errors with the larger probability. The larger K is, the more slowly you set/change your password, and the more difficult it is for you to remember the password. Definitely, the smaller K and L are, the better usability will be. As a natural result, you MUST balance the security and usability by yourself. We think the default values should be OK for most applications.
2. How to remember your password with tens (or even more) pictures?
It has been well-known that widely-used fixed textual password is not secure enough to dictionary attack. In addition, forgetting passwords is also a very annoying problem in real world. Graphical (or visual) passwords are developed to relax this problem. Our online SecHCI system also adopts such an idea. However, it is still rather hard for humans to remember more than 8 pictures [18-20] and quickly make all responses without errors. How to solve this problem? We suggest using a secret Pass-Rule (which is similar to Pass-Algorithm [15]) to remember your pass-pictures. For example, you can select all flags with a symbol in their centers as your pass-pictures, and ensure no any flags with two major colors in your decoy-pictures. Here, your pass-rule is "flags with center symbols", which is much easiler to remember for you than those flags (do you think so?). We believe that everybody can successfully find a good pass-rule that is simple enough for him but VERY VERY difficult for others (of course, also VERY VERY difficult for robots to carry out dictionary attack). For more details, please refer to can be found in Sec. 4.4.2 of [1].
3. What about using local pictures in my computer as pass-pictures?
It is a good idea to enhance the above-mentioned pass-rule. It is obvious that you can much more easily find a good pass-rule if you can use pictures in your own computer. In future versions of our online SecHCI system, we will add this function. To avoid possible attacks, all decoy-pictures should be selected from local pictues, or SecHCI system MUST automatically update its picture database (more details will be given in our submission to USENIX Security Symposium 2003).
4. What about using CAPTCHAs to enhance SecHCI?
YES! CAPTCHAs are very useful to frustrate robots automatic attacking online secure services. For our SecHCI system, the identification time will be too large and unendurable for most humans if cryptographically strong security to online attacks is required (for 2⁶⁴ attack complexity, the time may be about ten to twenty minutes!). Obviously, we can use CAPTCHAs to disabel online attacks. For offline attacks made by humans, 2²⁰ to 2³⁰ attack complexity is acceptable for many applications. There (at least) are two kinds ways to incorporate CAPTCHA and SecHCI: 1) simply adding an extra CAPTCHA challenge picture (which can be the background picture of SecHCI web page) in each screen of SecHCI; 2) using CAPTCHA technology to postprocess each challenge-pictures shown in SecHCI. The latter is stronger, but requires more computation load. We will try to add CAPTCHA function to our online SecHCI system.

Free codes and documents: Once our submission is accepted for publication, both the source codes of this online SecHCI system and the electronic draft of the submission will be downloadable in our Online SecHCI system when you successfully log in with your a valid ID. If you would like to use the codes in your system, please keep our copyright claims and approve the following copyright claims.

Copyright Claims:
SecHCI is a free ASP web service; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You can see a copy of the GNU General Public License by click here; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

All icons used in our system are randomly collected from Internet, and their authors hold the copyrights. If you (author of some used icons) think I violated your rights, please inform me via e-mail (hooklee@hooklee.com or hooklee@mail.com) and I will immediately stop using your icons.

This site is maintained by Shujun Li, last updated on 13 August, 2011.