Seeing-Is-Believing: using camera phones for human-verifiable authentication

Authors:
Jonathan M. McCune;Adrian Perrig;Michael K. Reiter
Affiliations:
CyLab, Electrical and Computer Engineering Department, Carnegie Mellon University, Pittsburgh, PA, USA.;CyLab, Electrical and Computer Engineering Department, Carnegie Mellon University, Pittsburgh, PA, USA.;Department of Computer Science, University of North Carolina, Chapel Hill, NC, USA
Venue:
International Journal of Security and Networks
Year:
2009

Citing 17
Cited 16

Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password file compromise

CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks

Proceedings of the 7th International Workshop on Security Protocols
Mobility helps security in ad hoc networks

Proceedings of the 4th ACM international symposium on Mobile ad hoc networking & computing
Optical Time-Domain Eavesdropping Risks of CRT Displays

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Using visual tags to bypass Bluetooth device discovery

ACM SIGMOBILE Mobile Computing and Communications Review
Seeing-Is-Believing: Using Camera Phones for Human-Verifiable Authentication

SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Secure Device Pairing based on a Visual Channel (Short Paper)

SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Loud and Clear: Human-Verifiable Authentication Based on Audio

ICDCS '06 Proceedings of the 26th IEEE International Conference on Distributed Computing Systems
Measurement and analysis of spywave in a university environment

NSDI'04 Proceedings of the 1st conference on Symposium on Networked Systems Design and Implementation - Volume 1
Design and implementation of a TCG-based integrity measurement architecture

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Provably secure password-authenticated key exchange using Diffie-Hellman

EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Usability analysis of secure pairing methods

FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Secure communications over insecure channels based on short authenticated strings

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Device-enabled authorization in the grey system

ISC'05 Proceedings of the 8th international conference on Information Security
Phoolproof phishing prevention

FC'06 Proceedings of the 10th international conference on Financial Cryptography and Data Security
Efficient mutual data authentication using manually authenticated strings

CANS'06 Proceedings of the 5th international conference on Cryptology and Network Security

PROTECT: proximity-based trust-advisor using encounters for mobile societies

Proceedings of the 6th International Wireless Communications and Mobile Computing Conference
A systematic approach towards user-centric privacy and security for smart camera networks

Proceedings of the Fourth ACM/IEEE International Conference on Distributed Smart Cameras
Authentication protocols based on low-bandwidth unspoofable channels: A comparative survey

Journal of Computer Security
Wireless telemedicine and m-health: technologies, applications and research issues

International Journal of Sensor Networks
Fast track article: Looking ahead in pervasive computing: Challenges and opportunities in the era of cyber-physical convergence

Pervasive and Mobile Computing
Fast track article: Looking ahead in pervasive computing: Challenges and opportunities in the era of cyber-physical convergence

Pervasive and Mobile Computing
Mercury: recovering forgotten passwords using personal devices

FC'11 Proceedings of the 15th international conference on Financial Cryptography and Data Security
A survey of security visualization for computer network logs

Security and Communication Networks
A survey of cyber crimes

Security and Communication Networks
Local key management in opportunistic networks

International Journal of Communication Networks and Distributed Systems
Discovering trustworthy social spaces

Proceedings of the Third International Workshop on Sensing Applications on Mobile Phones
Pools, clubs and security: designing for a party not a person

Proceedings of the 2012 workshop on New security paradigms
Data-minimizing authentication goes mobile

CMS'12 Proceedings of the 13th IFIP TC 6/TC 11 international conference on Communications and Multimedia Security
Street-Level trust semantics for attribute authentication (transcript of discussion)

SP'12 Proceedings of the 20th international conference on Security Protocols
A review of GENI authentication and access control mechanisms

International Journal of Security and Networks
Go anywhere: user-verifiable authentication over distance-free channel for mobile devices

Personal and Ubiquitous Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

Current mechanisms for authenticating communication between devices that share no prior context are inconvenient for ordinary users, without the assistance of a trusted authority. We present and analyse Seeing-Is-Believing (SiB), a system that utilises 2D barcodes and camera-phones to implement a visual channel for authentication and demonstrative identification of devices. We apply this visual channel to several problems in computer security, including authenticated key exchange between devices that share no prior context, establishment of the identity of a TCG-compliant computing platform, and secure device configuration in the context of a smart home.