Seeing-Is-Believing: Using camera phones for human-verifiable authentication

International Journal of Security and Networks

Volumn 4, Issue 1-2, 2009, Pages 43-56

  McCune, Jonathan M ^a   Perrig, Adrian ^a   Reiter, Michael K ^b  

^a CARNEGIE MELLON UNIVERSITY   (United States)

^b Brooks Computer Science Building   (United States)

Author keywords

2D barcodes; Camera phones; Device pairing; Key establishment; Man in the middle attack; MITM; Wireless networks

Indexed keywords

AUTHENTICATION; AUTOMATION; BAR CODES; NETWORK SECURITY; TELEPHONE SETS; WIRELESS NETWORKS;

2-D BARCODES; CAMERA PHONE; DEVICE PAIRING; KEY ESTABLISHMENTS; MAN IN THE MIDDLE ATTACKS; MITM;

CAMERAS;

EID: 61849133288     PISSN: 17478405     EISSN: 17478413     Source Type: Journal    
DOI: 10.1504/IJSN.2009.023425     Document Type: Article

References (43)

1. Balfanz, D., Smetters, D., Stewart, P. and Wong, H.C. (2002) 'Talking to strangers: Authentication in ad-hoc wireless networks', Proceedings of the Symposium on Network and Distributed Systems Security (NDSS), pp.23-35.
2. Bauer, L., Garriss, S., McCune, J.M., Reiter, M.K., Rouse, J. and Rutenbar, P. (2005) 'Device-enabled authorization in the Grey system', Information Security: 8th International Conference, ISC 2005, Lecture Notes in Computer Science, Vol. 3650, pp.431-445.
3. Bellare, M., Boldyreva, A., Desai, A. and Pointcheval, D. (2001) 'Key-privacy in public-key encryption', Proceedings of Advances in Cryptology (ASIACRYPT), pp.568-584.
4. Bellovin, S. and Merrit, M. (1993) 'Augmented encrypted key exchange: A password-based protocol secure against dictionary atttacks and password file compromise', Proceedings of the ACM Conference on Computer and Communications Security (CCS), pp.244-250.
5. Bellovin, S.M. and Merrit, M. (1992) 'Encrypted key exchange: password-based protocols secure against dictionary attacks', Proceedings of the IEEE Symposium on Security and Privacy, pp.72-84.
6. Boyko, V., MacKenzie, P. and Patel, S. (2000) 'Provably secure password authentication and key exchange using Diffie-Hellman', Proceedings of Advances in Cryptology (EUROCRYPT), pp.156-171.
7. Čagalj, M., Čapkun, S. and Hubaux, J-P. (2006) 'Key agreement in peer-to-peer wireless networks', Proceedings of the IEEE (Special Issue on Cryptography and Security), Vol. 94, pp.467-478.
8. Čapkun, S., Hubaux, J. and Buttyán, L. (2003) 'Mobility helps security in ad hoc networks', Proceedings of the ACM Symposium on Mobile Ad Hoc Networking and Computing (MobiHoc), pp.46-56.
9. Dawson, F. and Howes, T. (1998) vCard MIME Directory Profile, RFC 2426.
10. Dierks, T. and Rescorla, E. (2006) The Transport Layer Security (TLS) Protocol: Version 1.1, RFC 4346.
11. Diffie, W. and Hellman, M.E. (1976) 'New directions in cryptography', IEEE Trans. Inform. Theory, IT-22:644-654.
12. Dohrmann, S. and Ellison, C. (2002) 'Public key support for collaborative groups', Proceedings of the PKI Research Workshop, pp.139-148.
13. Goldberg, I. (1996) Visual Key Fingerprint Code, http:// www.cs.berkeley.edu/iang/visprint.c.
14. Goodrich, M.T., Sirivianos, M., Solis, J., Tsudik, G. and Uzun, E. (2006) 'Loud and clear: Human-verifiable authentication based on audio', Proceedings of the IEEE International Conference on Distributed Computing Systems (ICDCS), pp.1-10.
15. Haartsen, J.C. (2000) 'The Bluetooth radio system', IEEE Personal Communications Magazine, pp.28-36.
16. Hanna, S.R. (2002) Configuring Security Parameters in Small Devices draft-hanna-zeroconf-seccfg-00.txt.
17. Harkins, D. and Carrel, D. (1998) The Internet Key Exchange (IKE), RFC 2409.
18. Howes, T. and Smith, M. (1998) MIME Content-Type for Directory Information, RFC 2425.
19. ISO/IEC (2006) IS 16022:2006: Information Technology - Automatic Identification and Data Capture Techniques - Data Matrix Bar Code Symbology Specification, For review, International Organization for Standardization, Geneva, Switzerland.
20. Jones, P. (2001) US Secure Hash Algorithm 1 (SHA-1), RFC 3174.
21. JSR-257 (2006) JSR-257: Contactless Communication API, Java Community Process.
22. Karn, P. (2002) Reed-Solomon Encoding/Decoding, http:// www.ka9q.net/code/fec/
23. Kuhn, M.G. (2002) 'Optical time-domain eavesdropping risks of CRT displays', Proceedings of the IEEE Symposium on Security and Privacy pp.3-18.
24. Kuhn, M.G. and Anderson, R.J. (1998) 'Soft tempest: Hidden data transmission using electromagnetic emanations', Proceedings of the Information Hiding Workshop (IHW), pp.124-142.
25. Laur, S. and Nyberg, K. (2006) 'Efficient mutual data authentication using manually authenticated strings', Proceedings of Cryptology and Network Security (CANS), pp.90-107.
26. Levien, R. (1996) PGP Snowflake, Personal communication.
27. MacKenzie, P., Patel, S. and Swaminathan, R. (2000) 'Password authenticated key exchange based on RSA', Proceedings of Advances in Cryptology (ASIACRYPT), pp.599-613.
28. Madhavapeddy, A., Scott, D., Sharp, R. and Upton, E. (2004) 'Using camera-phones to enhance human-computer interaction', Proceedings of Ubiquitous Computing (Adjunct Proceedings: Demos), pp.1-2.
29. Madhavapeddy, A., Scott, D., Sharp, R. and Upton, E. (2005) 'Using visual tags to bypass Bluetooth device discovery', Proceedings of the ACM Mobile Computing and Communications Review (MC2R), pp.41-53.
30. McCune, J.M., Perrig, A. and Reiter, M.K. (2004) Seeing-is-Believing: Using Camera Phones for Human-Verifiable Authentication, Technical Report CMU-CS-04-174, Carnegie Mellon University, pp.1-22.
31. McCune, J.M., Perrig, A. and Reiter, M.K. (2005) 'Seeing-is-believing: using camera phones for human-verifiable authentication', Proceedings of the IEEE Symposium on Security and Privacy, pp.110-124.
32. Parno, B., Kuo, C. and Perrig, A. (2006). 'Phoolproof phishing prevention', Proceedings of the Financial Cryptography and Data Security 10th International Conference, pp.1-19.
33. Perrig, A. and Song, D. (1999) 'Hash visualization: A new technique to improve real-world security', Proceedings of the Workshop on Cryptographic Techniques and E-Commerce (CrypTEC), pp.131-138.
34. Reed, I.S. and Solomon, G. (1960) 'Polynomial codes over certain finite fields', J. Society for Industrial and Applied Mathematics, pp.300-304.
35. Rohs, M. and Gfeller, B. (2004) 'Using camera-equipped mobile phones for interacting with real-world objects', Proceedings of Advances in Pervasive Computing, pp.265-271.
36. Sailer, R., Zhang, X., Jaeger, T. and van Doorn, L. (2004) 'Design and implementation of a TCG-based integrity measurement architecture', Proceedings of the USENIX Security Symposium, pp.223-238.
37. Saroiu, S., Gribble, S.D. and Levy, H.M. (2004). 'Measurement and analysis of spyware in a university environment', Proceedings of the Symposium on Networked Systems Design and Implementation (NSDI), pp.141-153.
38. Saxena, N., Ekberg, J-E., Kostiainen, K. and Asokan, N. (2006) 'Secure device pairing based on a visual channel (short paper)', Proceedings of the IEEE Symposium on Security and Privacy, pp.306-313.
39. Stajano, F. and Anderson, R. (1999) 'The resurrecting duckling: Security issues for ad-hoc wireless networks', Proceedings of the Security Protocols Workshop, pp.172-194.
40. Trusted Computing Group (2007) Trusted Platform Module Main Specification, Parts 1-3, Version 1.2, Revision 103.
41. Uzun, E., Karvonen, K. and Asokan, N. (2007) 'Usability analysis of secure pairing methods', Proceedings of the Usable Security Workshop pp.307-324.
42. Vaudenay, S. (2005) 'Secure communications over insecure channels based on short authenticated strings', Advances in Cryptology (CRYPTO), Lecture Notes in Computer Science, Vol. 3621.
43. Wu, T. (1999) 'The secure remote password protocol', Proceedings of the Network and Distributed System Security Symposium (NDSS), pp.97-111.