Transcript Seeing-Is-Believing: Using Camera Phones for Human-Verifiable Authentication McCune, J.M., Perrig, A., Reiter, M.K.

Seeing-Is-Believing:
Using Camera Phones for
Human-Verifiable Authentication
McCune, J.M., Perrig, A., Reiter, M.K.
2005 IEEE Symposium on Security and Privacy
Presented by: Rui Peng
Outline
Public Key and Secret Key Cryptography
Motivation
Solution
Scenarios
Comments and conclusion
Public Key Cryptography
Public Key Cryptography
Secret Key Cryptography
Man-in-the-middle Attack
Motivation
Problem: a user wants to connect his
wireless device to that another device.
Challenges
No centralized authority
No prior context
How to do authentication between wireless
devices?
Solution
Use a side channel for key exchange
Visual channel: camera phones!
Requirements:
Camera (read barcodes)
Display (display barcodes)
Result: very strong authentication
Authenticating a public key with SiB
Bidirectional authentication
 Both parties must have camera and display.
 Users take turns displaying and taking
snapshots of their respective barcodes.
 Alice gets a digest of Bob’s public key and vice
versa.
 These digests serve as commitments to their
respective public keys.
 Subsequent communication can begin with any
well-known public key protocol.
Unidirectional authentication
Camera-less devices cannot authenticate
other devices with SiB.
If equipped with display, they can still
generate barcodes so they can be
authenticated.
Unidirectional authentication
Advantages
The idea of using visual channel is novel
and interesting.
Provide strong authentication for wireless
devices
Enables the security of public key protocols
without dependence of a central authority.
Limitations
Not all devices have cameras and displays.
Still cumbersome to use the protocol.
Need to point the camera to a device and take
snapshots every time you want to communicate.
Thank you!
Questions?