Seeing-Is-Believing: using camera phones for human-verifiable authentication
Jonathan M. McCune, Adrian Perrig and Michael K. Reiter
Int. J. Security and Networks
Payas Gupta
Problem
How do we authenticate each other on a daily basis? By seeing each other.
In real life we authenticate to various devices using:
- A physical connection such as a cable: cumbersome to carry with you all the time, so not feasible.
- Wireless communication: invisible to humans and open to MITM attacks.
- Infrared, etc.
Problem
MITM attack: unauthenticated Diffie-Hellman key establishment is vulnerable to a man-in-the-middle. An out-of-band communication channel that provides authenticity suffices to defeat MITM attacks.
The challenge is to construct this kind of channel. Many techniques provide key exchange, but they require a shared secret password between the two entities, which may be cumbersome to establish in many mobile settings.
Such a channel may rely on manual transmission or comparison of values.
Seeing-Is-Believing (SiB)
A visual channel to achieve demonstrative identification of communicating devices.
In SiB, one device uses its camera to take a snapshot of a barcode encoding cryptographic material that identifies another device, e.g., its public key.
We term this a visual channel.
Seeing-Is-Believing (SiB)
In SiB, a mobile phone's integrated camera serves as a visual channel to provide demonstrative identification, meaning the property that the user is sure her device is communicating with that other device. In SiB this is done visually, which defeats MITM attacks and lets the devices authenticate each other and exchange keys.
What better way for a user to tell device A that it should communicate securely with device B than to take a picture of device B using device A's integrated camera?
Find mode and show mode: the device whose key is being verified displays a barcode (show mode), and the other device points its camera at that barcode (find mode).
In later sections we will discuss using SiB with devices that may lack a display, a camera, or both.
Assumptions:
- The mobile phone is not compromised.
- Mobile phones are secure against active adversaries.
2D barcodes as a visual channel
Bob uses his camera in viewfinder mode, updating the image in real time; once a barcode is recognized, capture stops.
Barcode recognition and error-correcting algorithms handle the decoding.
Pre-authentication: a commitment to the public key (its hash) is obtained over the visual channel first; the key itself then crosses the wireless channel and is checked against that commitment.
Can a device of type X authenticate a device of type Y?
It depends on which of the two each device has: a camera, a display, both, or neither.
Bidirectional authentication
Both devices need cameras, since each one photographs the other's barcode.
Privacy can be protected by avoiding transmission of the public keys over the wireless network.
The key can be encoded in a barcode directly, or in a sequence of barcodes if a single barcode has insufficient data capacity.
Unidirectional Authentication
Device X has a camera; device Y lacks both a display and a camera.
Example: a mobile phone with a camera and an 802.11 access point (AP).
Device Y must be equipped with a long-term public/private keypair, and a sticker containing a barcode of a commitment to its public key must be affixed to its housing.
Since device Y is displayless, per-interaction public keys no longer apply; the sticker commits to one long-term key.
Example: a printer in a public place.
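The pre-authentication, bidirectional and unidirectional cases above, modelled end to end as an added example (this is not the paper's code). Assumptions not on the slides: the devices' public keys are Diffie-Hellman values in the 2048-bit MODP group from RFC 3526 (transcribed by hand here; check it against the RFC before reusing it), the barcode carries SHA-256 of the public key rather than the paper's SHA-1, and the wireless channel is a plain function argument that an attacker may rewrite. The device and function names are illustrative.

```python
import hashlib
import hmac
import secrets

# RFC 3526 group 14 prime (transcribed for this example; verify before reuse), generator 2.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2
KEY_BYTES = 256


def keygen():
    """Fresh DH keypair; the public value stands in for the device's public key."""
    x = secrets.randbits(256)
    return x, pow(G, x, P)


def pk_to_bytes(y):
    return y.to_bytes(KEY_BYTES, "big")


def commit(pk):
    """Contents of the show device's barcode (or sticker): a hash of its public key."""
    return hashlib.sha256(pk).digest()


class Device:
    def __init__(self, name):
        self.name = name
        self.priv, self.pub = keygen()
        self.visual = {}  # peer name -> commitment read through the camera

    def show(self):
        """Show mode: what this device renders as a barcode."""
        return commit(pk_to_bytes(self.pub))

    def find(self, peer, barcode):
        """Find mode: the camera decodes the peer's barcode; this channel is trusted."""
        self.visual[peer] = barcode

    def accept(self, peer, pk):
        """Wireless receive: use the key only if it matches the visual commitment."""
        expected = self.visual.get(peer)
        if expected is None:
            raise ValueError("no barcode read for " + peer)
        if not hmac.compare_digest(expected, commit(pk)):
            raise ValueError("key from " + peer + " does not match its barcode (MITM?)")
        y = int.from_bytes(pk, "big")
        if not 2 <= y <= P - 2:  # reject degenerate DH values
            raise ValueError("invalid public value from " + peer)
        return hashlib.sha256(pow(y, self.priv, P).to_bytes(KEY_BYTES, "big")).digest()


def bidirectional(a, b, in_the_middle=None):
    """Each device photographs the other, then keys cross the wireless link.
    `in_the_middle`, if given, rewrites the two wireless messages."""
    a.find(b.name, b.show())
    b.find(a.name, a.show())
    pk_a, pk_b = pk_to_bytes(a.pub), pk_to_bytes(b.pub)
    if in_the_middle is not None:
        pk_a, pk_b = in_the_middle(pk_a, pk_b)
    return a.accept(b.name, pk_b) == b.accept(a.name, pk_a)


def honest_run():
    return bidirectional(Device("alice"), Device("bob"))


def mitm_run():
    """Mallory swaps her own value for Bob's on the wireless link; True if caught."""
    mallory = Device("mallory")
    try:
        bidirectional(Device("alice"), Device("bob"),
                      in_the_middle=lambda pk_a, pk_b: (pk_a, pk_to_bytes(mallory.pub)))
    except ValueError:
        return True
    return False


def unidirectional_run():
    """Phone (camera) and access point (no camera, no display): the AP's sticker
    commits to its long-term key, so only the phone ends up with an authenticated key."""
    phone, ap = Device("phone"), Device("ap")
    phone.find(ap.name, ap.show())  # photograph the sticker
    k_phone = phone.accept(ap.name, pk_to_bytes(ap.pub))
    # The AP has nothing to check the phone's key against; it just computes the key.
    k_ap = hashlib.sha256(pow(phone.pub, ap.priv, P).to_bytes(KEY_BYTES, "big")).digest()
    return k_phone == k_ap
```

The `accept` step is the whole point of SiB: the key that arrives over the radio is worthless until it hashes to what the camera saw. In the unidirectional run the AP never calls `find`, which is exactly why the slide says the AP cannot authenticate the phone; anything the AP learns about the phone has to come from a later step over the now-confidential channel.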
Presence Confirmation
A display-only device (cameraless, but display-equipped) is unable to strongly authenticate other devices using SiB.
But it can obtain a property called 'presence': confirmation that some other device is in line of sight with its display.
Presence confirmation
A TV wants to authenticate a DVD player. Both are cameraless devices, but each is equipped with a display.
A user can use SiB to strongly authenticate the DVD player to her phone through the barcode attached to the DVD player.
She can then demonstrate the DVD player's presence to the TV by sending it the DVD player's public key, along with a MAC over that public key.
The presence property is quite weak: the display-only device has no way of knowing how many devices can see its display. It can only compute a MAC over the data it received, and measure the time delay between displaying the barcode and receiving the MAC over the wireless channel.
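The presence exchange of the two slides above, as an added example (not the paper's code), including the timing check and the weakness just described. Assumptions beyond the slides: the TV's barcode carries a fresh random nonce, the phone keys its MAC with that nonce, and the TV accepts only replies that arrive within a fixed window after the barcode went up. The clock is injected so the timing check runs deterministically, and the DVD player's key is constructed.

```python
import hashlib
import hmac
import secrets


class DisplayOnlyDevice:
    """The TV: has a display and a wireless link, but no camera."""

    def __init__(self, clock, max_delay=2.0):
        self.clock = clock  # callable returning seconds on a monotonic clock
        self.max_delay = max_delay
        self.nonce = None
        self.shown_at = None

    def show_barcode(self):
        """Render a barcode carrying a one-time nonce; remember when it went up."""
        self.nonce = secrets.token_bytes(16)
        self.shown_at = self.clock()
        return self.nonce  # what any camera in line of sight would decode

    def confirm_presence(self, data, tag):
        """Accept `data` only if the MAC is keyed with the nonce on screen and the
        reply arrived within the window. The nonce is consumed either way."""
        if self.nonce is None:
            return False
        expected = hmac.new(self.nonce, data, hashlib.sha256).digest()
        mac_ok = hmac.compare_digest(expected, tag)
        fresh = (self.clock() - self.shown_at) <= self.max_delay
        self.nonce = None
        return mac_ok and fresh


class CameraPhone:
    """The phone. It authenticated the DVD player earlier through the sticker on the
    player (that SiB step is outside this example); `verified` holds the result."""

    def __init__(self, verified_keys):
        self.verified = dict(verified_keys)  # device name -> public key bytes

    def vouch(self, device, nonce_from_barcode):
        """Send the verified key plus a MAC keyed with what the camera just read."""
        pk = self.verified[device]
        return pk, hmac.new(nonce_from_barcode, pk, hashlib.sha256).digest()


class FakeClock:
    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


DVD_PK = b"constructed-dvd-player-public-key"  # stand-in for real key material


def run(delay, sees_display, claimed_pk=DVD_PK):
    """One presence exchange; returns the TV's verdict."""
    clock = FakeClock()
    tv = DisplayOnlyDevice(clock)
    nonce = tv.show_barcode()
    if not sees_display:
        nonce = secrets.token_bytes(16)  # off-screen attacker can only guess
    phone = CameraPhone({"dvd": claimed_pk})
    pk, tag = phone.vouch("dvd", nonce)
    clock.advance(delay)
    return tv.confirm_presence(pk, tag)


def honest():
    return run(0.5, True)


def no_line_of_sight():
    return run(0.5, False)


def too_slow():
    return run(5.0, True)


def bystander_vouches_bogus_key():
    """Any other camera that can see the screen passes the check with any key."""
    return run(0.5, True, claimed_pk=b"attacker-chosen-key")
```

The last function is the slide's point in code: the TV learns that something with a camera saw its display and answered quickly, nothing more. Presence says who is in the room, not which device the key belongs to; only the phone's earlier SiB step against the DVD player's sticker carries real authentication.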
Implementation Details
The application was developed on Series 60 phones; file size 52 KB.
For a secure and usable SiB exchange, the show device needs to convey:
- 48 bits of Bluetooth address
- 160 bits of SHA-1 output
A Visual Code barcode has a useful data capacity of only 68 bits, so 4 barcodes are needed to carry the 208 bits.
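Splitting that 208-bit payload across cycling barcodes, as an added example (not the paper's implementation). The figures are the slide's: 48-bit Bluetooth address plus 160-bit SHA-1 digest against 68 useful bits per barcode. The framing, a 2-bit sequence number in each barcode with the payload padded to whole frames, is an assumption made for this example; the slides do not give the real frame layout. The address and key bytes are constructed.

```python
import hashlib
import random

BARCODE_BITS = 68
SEQ_BITS = 2                          # assumed: room for 4 frame numbers
DATA_BITS = BARCODE_BITS - SEQ_BITS   # 66 payload bits per frame
PAYLOAD_BITS = 48 + 160


def payload(bd_addr, public_key):
    """48-bit Bluetooth address followed by SHA-1(public key), as one integer."""
    if len(bd_addr) != 6:
        raise ValueError("Bluetooth address must be 6 bytes")
    return int.from_bytes(bd_addr + hashlib.sha1(public_key).digest(), "big")


def frame_count(payload_bits=PAYLOAD_BITS, data_bits=DATA_BITS):
    return -(-payload_bits // data_bits)  # ceiling division


def to_frames(value):
    """Show side: cut the payload into numbered 68-bit frames, MSB first."""
    n = frame_count()
    if n > 1 << SEQ_BITS:
        raise ValueError("sequence number too small for this payload")
    total = n * DATA_BITS
    padded = value << (total - PAYLOAD_BITS)
    mask = (1 << DATA_BITS) - 1
    return [(i << DATA_BITS) | ((padded >> (total - (i + 1) * DATA_BITS)) & mask)
            for i in range(n)]


class Reassembler:
    """Find side: collect frames as the camera decodes them, in any order."""

    def __init__(self):
        self.n = frame_count()
        self.got = {}

    def feed(self, frame):
        """Store one decoded frame; True once every sequence number has been seen."""
        if frame >> BARCODE_BITS:
            raise ValueError("frame wider than one barcode")
        self.got[frame >> DATA_BITS] = frame & ((1 << DATA_BITS) - 1)
        return len(self.got) == self.n

    def value(self):
        padded = 0
        for i in range(self.n):
            padded = (padded << DATA_BITS) | self.got[i]
        return padded >> (self.n * DATA_BITS - PAYLOAD_BITS)


def capture(frames, drop_rate=0.3, seed=1):
    """Simulate a viewfinder that misses some frames while the show device cycles.
    Returns the reassembled payload and how many full cycles it took."""
    rng = random.Random(seed)
    r = Reassembler()
    for cycles in range(100):
        for f in frames:
            if rng.random() < drop_rate:
                continue  # frame not recognised this pass
            if r.feed(f):
                return r.value(), cycles
    raise RuntimeError("reassembly never completed")


def verify(seen, bd_addr, received_pk):
    """Find side: check the key received over Bluetooth against what the camera saw."""
    return seen == payload(bd_addr, received_pk)


def demo():
    bd_addr = bytes.fromhex("001122334455")          # constructed address
    pk = b"constructed-public-key-bytes-for-demo"   # constructed key material
    frames = to_frames(payload(bd_addr, pk))
    seen, _cycles = capture(frames)
    return len(frames), verify(seen, bd_addr, pk), verify(seen, bd_addr, b"other key")
```

The sequence number is what makes cycling work: the camera can join the loop at any frame and miss some, and still finish once it has seen each number once. The 160-bit SHA-1 commitment is kept as the slide states it; what the barcode needs from the hash is second-preimage resistance (an attacker must produce a key matching a hash already on screen), and a longer digest would simply cost more frames.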
Application of Seeing-Is-Believing
Seeing-Is-Believing and the Grey project: SiB has been in use at Carnegie Mellon for several years (around 5-6).
Group key establishment: the same as bidirectional authentication using SiB, but a few difficulties were noticed in use: users usually switch to other phones without completing the second half of the authentication.
Security Analysis
Cryptography: the implementation uses cycling barcodes that provide sufficient bandwidth to convey a full 160-bit SHA-1 hash.
The barcodes need to be secure against active attacks, which SiB achieves through the visual channel.
Selecting an authentication channel: COTS (commercial off-the-shelf) products.
Attacks against SiB
- A sophisticated adversary may be able to measure emitted electromagnetic radiation (Kuhn and Anderson, 1998), or reconstruct the contents of a CRT from the light it reflects off nearby surfaces (Kuhn, 2002).
- An attacker can disrupt the lighting conditions in an attempt to disrupt SiB.
- A more sophisticated and subtle attack is to use infrared radiation or a carefully aimed laser to overwhelm the CCD in a phone's camera.
Concluding Remarks
A nice and interesting approach to authentication. The paper analyses the establishment of secure, authenticated sessions between SiB-enabled devices and devices missing either a camera, a display, or both, and finds that secure communication is possible in many situations.
The visual channel has the desirable property that it provides demonstrative identification of the communicating parties.