This paper investigates a mutual authentication scheme by making use of the visual secret sharing (VSS) scheme. The main concern of the investigated scheme is that it is easy for novice users to use the system. Novice users are seriously threatened by recently increasing phishing fraud. There are many technical countermeasures against phishing attacks,but those traditional cryptographic solutions often require users to perform complex operations to prevent the leakage of confidential information. Those means are often too difficult for novice users to understand, set-up and utilize. In this paper, a scheme is investigated which does not require special hardware, software, plug-ins and so on. Naor and Shamir first proposed visual secret sharing scheme in 1995.
The main characteristic on visual secret sharing scheme is to decode confidential information by human's visual system, without utilizing any other computation mechanism. Thanks to the characteristics of the VSS scheme, users are able to obtain minimum but practical security by using their accustomed web browsers only. This paper discusses protocols which allow novice users protect themselves from phishing attacks. A prototype implementation of the proposed scheme is also introduced briefly.