Abstract

Standard means of authentication use PINs over secure terminals or secure networks. However there are many applications where proper authentication would be valuable, but the user may be connected to an insecure network, particularly the internet. In such circumstances, use of a PIN is inappropriate because of the ease of eavesdropping.

The work reported arose from an FP5 project to create a new 32-bit USB smart card and associated applets. The requirements are discussed and an image-based authentication method is described. Experimental work showed that the method was usable, but it has the potential disadvantage that no proof exists for its security. Moreover, it requires connection to an online database of images.

As an alternative, a method of provable security is put forward, which is potentially very suitable for implementation on a smart card. However the usability of the method is in question. There is also a potential active attack against this method, even though no strategy for the attack has yet been designed.

Speaker: Peter Sweeney is a Reader in the Centre for Communication Systems Research at the University of Surrey. His main interests have always been in error-control coding, but as a side line he has also pursued research in other aspects of information theory, particularly cryptology and steganography.