Secure UI: 9-Block Phishmarks

When I originally came up with the idea of phishmarking, I was thinking of using fractal patterns.  Unfortunately, fractal patterns are rarely simple symmetrical designs so they are more difficult to remember.  So while I was looking for a different approach, I remembered Jared Tarbell's 9-Block Pattern Generator at Levitated.net which basically does what quilt makers have been doing for ages but with simple shapes that can be used to build a shape that is easy to recognize even at a small size.

It uses the following 16 shapes, rotations, colors, inversion, and some rules for symmetry to generate an astonishing number of designs.

Below is my implementation of 9-block phishmarks being used in browser toolbars.  Note that phishmarks are anti-aliased because the display area on the toolbar was too small.  Cool, eh?

Pretty and Safe!

BTW, Jared told me that the 9-block pattern generation algorithm can be used without a license although his Flash code is under GPL.  Jared also has other interesting graphics generators that could be used for phishmarking although I am not sure about licensing.  For example, Bone Piles and Combinatorial Critters are pretty interesting although they will require more real estate and more complex coloring schemes.

9-block quilts are very interesting although not enough to make me want to take up the sewing needle.  Heh.  Anyway, if you want to find out more, here are some links to get you started:

Update:

To be more precise about how many unique patterns can be generated, the above implementation uses 17 bits for the pattern (3 bits for the middle shape and 7 bits each for corner and side shapes) plus foreground and background colors.  Taking into account the limits of human vision and color restrictions, I would say this implementation of 9-block phishmarks can generate around a billion easily recognizable unique patterns.  That's enough, I think, against phishing.

If not, adding a few more shapes will be enough to assign a unique design for every single person on earth.  Hmm.  Wouldn't it be interesting to assign one to each last name so they can be used as 'house' symbols?
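
An added sketch (not the author's implementation) of how the 17-bit pattern described in this update could be unpacked into a symmetric 3x3 layout. The bit order, the 4/2/1 split of each 7-bit field into shape, rotation and inversion, the clockwise symmetry rule and the HMAC derivation in `pattern_from_secret` are all assumptions; only the 3 + 7 + 7 bit budget and the 16 shapes come from the post.

```python
import hashlib
import hmac

PATTERN_BITS = 17  # from the post: 3 (middle) + 7 (corner) + 7 (side)

def decode_block(bits7):
    """Assumed 7-bit split: 4 bits shape (16 shapes), 2 bits rotation, 1 bit inversion."""
    return (bits7 & 0xF, (bits7 >> 4) & 0x3, bool((bits7 >> 6) & 1))

def decode_pattern(value):
    """Split a 17-bit value into (middle, corner, side); the field order is assumed."""
    if not 0 <= value < (1 << PATTERN_BITS):
        raise ValueError("pattern value must fit in 17 bits")
    return value & 0x7, decode_block((value >> 3) & 0x7F), decode_block((value >> 10) & 0x7F)

def layout(value):
    """3x3 grid of (shape, quarter_turns, inverted) with assumed 4-fold symmetry:
    each corner or side block is the previous one turned another 90 degrees clockwise."""
    middle, corner, side = decode_pattern(value)
    grid = [[None] * 3 for _ in range(3)]
    grid[1][1] = (middle, 0, False)
    corners = [(0, 0), (0, 2), (2, 2), (2, 0)]  # clockwise from top-left
    sides = [(0, 1), (1, 2), (2, 1), (1, 0)]    # clockwise from top
    for cells, (shape, rot, inv) in ((corners, corner), (sides, side)):
        for turn, (r, c) in enumerate(cells):
            grid[r][c] = (shape, (rot + turn) % 4, inv)
    return grid

def pattern_from_secret(secret, label):
    """Hypothetical derivation: HMAC-SHA256 of a label, truncated to 17 bits."""
    digest = hmac.new(secret, label, hashlib.sha256).digest()
    return int.from_bytes(digest[:3], "big") & ((1 << PATTERN_BITS) - 1)

if __name__ == "__main__":
    # Constructed demo secret and label, not values from the post.
    value = pattern_from_secret(b"constructed-demo-secret", b"toolbar")
    for row in layout(value):
        print(row)
```
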

Update #2:

Please read the post about the PassMark patent that could affect this and other phishmarks.

Comments
Ah, I finally understand why you're so worried about this phishing stuff and how human cognition of patterns and colors comes to the rescue. Yes, a simple solution to a complex problem where suckers everywhere are affected. I'd like to see this implemented somewhere and tested. Any takers?
Actually, 9-block phishmark is already being used in a product I am building for a client. I hope this and other types of phishmarks are used by others as well.
Prasanna   at 2004/05/06 07:17:10 AM
I believe this is to address the 'toolbar' replacement problem. Do you think the users would be able to remember the pattern they choose because they do not seem to be all that intuitive. Or do they?
Prasanna, based on my informal experiments, users not only remember, they develop an emotional attachment to the seemingly random symbols. It's another one of those odd aspects of the human mind I think.
