Seeing-Is-Believing: Using Camera Phones for Human-Verifiable Authentication McCune, J.M., Perrig, A., Reiter, M.K.
Download
Report
Transcript Seeing-Is-Believing: Using Camera Phones for Human-Verifiable Authentication McCune, J.M., Perrig, A., Reiter, M.K.
Seeing-Is-Believing:
Using Camera Phones for
Human-Verifiable Authentication
McCune, J.M., Perrig, A., Reiter, M.K.
2005 IEEE Symposium on Security and Privacy
Presented by: Rui Peng
Outline
Public Key and Secret Key Cryptography
Motivation
Solution
Scenarios
Comments and conclusion
Public Key Cryptography
Public Key Cryptography
Secret Key Cryptography
Man-in-the-middle Attack
Motivation
Problem: a user wants to connect his
wireless device to that another device.
Challenges
No centralized authority
No prior context
How to do authentication between wireless
devices?
Solution
Use a side channel for key exchange
Visual channel: camera phones!
Requirements:
Camera (read barcodes)
Display (display barcodes)
Result: very strong authentication
Authenticating a public key with SiB
Bidirectional authentication
Both parties must have camera and display.
Users take turns displaying and taking
snapshots of their respective barcodes.
Alice gets a digest of Bob’s public key and vice
versa.
These digests serve as commitments to their
respective public keys.
Subsequent communication can begin with any
well-known public key protocol.
Unidirectional authentication
Camera-less devices cannot authenticate
other devices with SiB.
If equipped with display, they can still
generate barcodes so they can be
authenticated.
Unidirectional authentication
Advantages
The idea of using visual channel is novel
and interesting.
Provide strong authentication for wireless
devices
Enables the security of public key protocols
without dependence of a central authority.
Limitations
Not all devices have cameras and displays.
Still cumbersome to use the protocol.
Need to point the camera to a device and take
snapshots every time you want to communicate.
Thank you!
Questions?