SeeingIsBelieving: Using Camera Phones for HumanVerifiable Authentication

1
Seeing-Is-Believing Using Camera Phones for
Human-Verifiable Authentication

• McCune, J.M., Perrig, A., Reiter, M.K.
• 2005 IEEE Symposium on Security and Privacy
• Presented by Rui Peng

2
Outline

• Public Key and Secret Key Cryptography
• Motivation
• Solution
• Scenarios
• Comments and conclusion

3
Public Key Cryptography
4
Public Key Cryptography
5
Secret Key Cryptography
6
Man-in-the-middle Attack
7
Motivation

• Problem a user wants to connect his wireless
  device to that another device.
• Challenges
• No centralized authority
• No prior context
• How to do authentication between wireless devices?

8
Solution

• Use a side channel for key exchange
• Visual channel camera phones!
• Requirements
• Camera (read barcodes)
• Display (display barcodes)
• Result very strong authentication

9
(No Transcript)
10
Authenticating a public key with SiB
11
Bidirectional authentication

• Both parties must have camera and display.
• Users take turns displaying and taking snapshots
  of their respective barcodes.
• Alice gets a digest of Bobs public key and vice
  versa.
• These digests serve as commitments to their
  respective public keys.
• Subsequent communication can begin with any
  well-known public key protocol.

12
Unidirectional authentication

• Camera-less devices cannot authenticate other
  devices with SiB.
• If equipped with display, they can still generate
  barcodes so they can be authenticated.

13
Unidirectional authentication
14
Advantages

• The idea of using visual channel is novel and
  interesting.
• Provide strong authentication for wireless
  devices
• Enables the security of public key protocols
  without dependence of a central authority.

15
Limitations

• Not all devices have cameras and displays.
• Still cumbersome to use the protocol.
• Need to point the camera to a device and take
  snapshots every time you want to communicate.

16
Thank you!

• Questions?