Visualizing your key for secure phone calls and language independence

Authors:
Michael Oehler;Dhananjay Phatak;John Krautheim
Affiliations:
University of Maryland Baltimore County, Baltimore, Maryland;University of Maryland Baltimore County, Baltimore, Maryland;University of Maryland Baltimore County, Baltimore, Maryland
Venue:
Proceedings of the Seventh International Symposium on Visualization for Cyber Security
Year:
2010

Citing 9
Cited 0

Authentication and authenticated key exchanges

Designs, Codes and Cryptography
Elliptic curves in cryptography

Elliptic curves in cryptography
How to expose an eavesdropper

Communications of the ACM
Handbook of Applied Cryptography

Handbook of Applied Cryptography
Seeing-Is-Believing: Using Camera Phones for Human-Verifiable Authentication

SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Loud and Clear: Human-Verifiable Authentication Based on Audio

ICDCS '06 Proceedings of the 26th IEEE International Conference on Distributed Computing Systems
Why Johnny can't encrypt: a usability evaluation of PGP 5.0

SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
A user-friendly approach to human authentication of messages

FC'05 Proceedings of the 9th international conference on Financial Cryptography and Data Security
SP 800-56A. Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography (Revised)

SP 800-56A. Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography (Revised)

Quantified Score

Hi-index	0.00

Visualization

Abstract

We present a method to visualize and authenticate a cryptographically negotiated key for a secure phone call. That is, each caller is presented with a graphical representation of the key and through verbal interaction (i.e., side-channel authentication) they describe what they see. If they agree, the key is authenticated and the secure media session continues. The strength of the approach lies in the vocal recognition of the callers, and their ability to confirm the image displayed by their system. The necessary degree of visual recognition is achieved by using basic shapes, color and count. People, regardless of language or age, can easily identifying these images. Our experience shows that they can communicate what they see with little effort and terminate the call when they differ. We believe that this approach reverses the current trend in security to divest users from the underlying cryptographic principles supporting secure systems by abstracting these principles to a comprehensible and visual form. This paper demonstrates that visualization and the human factor can play a pivotal role in establishing a secure communication channel. This short paper discusses how a key is visualized and provides some initial user feedback. We have named this approach the Short Authentication SymbolS VisuallY (SASSY.)