Date Added: Sep 2010
Recently a convex hull based human identification protocol was proposed by Sobrado and Birget, whose steps can be performed by humans without additional aid. The main part of the protocol involves the user mentally forming a convex hull of secret icons in a set of graphical icons and then clicking randomly within this convex hull. While some rudimentary security issues of this protocol have been discussed, a comprehensive security analysis has been lacking. In this paper the authors analyse the security of this convex hull based protocol. In particular, they show two probabilistic attacks which reveal the user's secret after the observation of only a handful of authentication sessions.