Seeing-Is-Believing: Using Camera Phones for Human-Verifiable Authentication

Jonathan M. McCune, Adrian Perrig, Michael K. Reiter. Carnegie Mellon University, 2005.

Upload: kristina-bryan

Post on 24-Dec-2015


TRANSCRIPT

Page 1: Seeing-Is-Believing: Using Camera Phones for Human-Verifiable Authentication

Jonathan M. McCune, Adrian Perrig, Michael K. Reiter

Carnegie Mellon University, 2005

Presenter: 張淯閎

Page 2: Outline

Related works
Authentication
Barcode Recognition with Camera Phones

Seeing-Is-Believing

Page 3: Authentication

Authentication between two co-located entities with no prior trust relationships.

Public key infrastructure relies on trusted certifiers.

Diffie-Hellman key
Man-in-the-middle
Encrypted key exchange

Page 4: Barcode Recognition with Camera Phones

SiB depends on a camera phone and can recognize 2D barcodes.

2D codes used in mobile phones can be read from electronic screens and printed paper (Rohs and Gfeller).

Semacodes, which implement the Data Matrix barcode standard (Woodside).

HP Labs proposes tagging electronics with barcodes to be read by camera phones.

Page 5: Seeing-Is-Believing

A mobile phone’s integrated camera serves as a visual channel to provide identification of communicating devices.

The user identifies the other device visually.
With 2D barcodes

Page 6: Pre-Authentication and the Visual Channel

SiB uses a visual channel instead of an invisible channel, thus adding a direct human factor.

Pre-authentication data is used to authenticate both communicating parties in any standard public-key protocol over the wireless link (Figure 1).

Page 7

Figure 1. Pre-authentication over the visual channel. K_A is A’s public key, which can be either long-term or ephemeral, depending on the protocol.

Page 8: Bidirectional Authentication

Without a trusted authority
Diffie-Hellman key exchange to establish a shared secret
Mutually authenticate one another’s public keys

Page 9: Unidirectional Authentication

Figure 2. Can a device of type X authenticate a device of type Y? We consider devices with cameras and displays (CD), cameras only (C), displays only (D), and neither (N).

Page 10: SiB For Example

Page 11: Security Analysis

Assumes that an attacker is unable to perform an active attack on the visual channel.

Assumes that an attacker is unable to compromise the mobile device itself.
Cryptography
Selecting an Authentication Channel

Page 12: Conclusion

SiB is a system that uses barcodes and camera phones as a visual channel for human-verifiable authentication.

Visual channel provides demonstrative identification of communicating parties, that user assurance her device.

SiB characteristic

Page 13: Diffie-Hellman key exchange

n and g are public values.

Each side has its own value, x for Alice and y for Bob (each must be a large number).

Compute the secret key $g^{xy}$.

Alice → Bob: $n,\ g,\ g^x \bmod n$

Bob → Alice: $g^y \bmod n$

Alice computes: $(g^y \bmod n)^x = g^{xy} \bmod n$

Bob computes: $(g^x \bmod n)^y = g^{xy} \bmod n$
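
An added example (not from the original slides or the SiB authors' code) connecting the Diffie-Hellman slide to pre-authentication over the visual channel: each side checks the public value received over the wireless link against a commitment read from the other side's barcode, so a substituted value is rejected. The SHA-256 commitment, the toy modulus, and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy parameters (constructed for this example): 2**127 - 1 is prime but far
# too small for real use. N and G play the roles of n and g on the slide.
N = 2**127 - 1
G = 3

def keypair():
    """Return (own secret value x, public value g^x mod n)."""
    x = secrets.randbelow(N - 3) + 2
    return x, pow(G, x, N)

def commitment(public_value):
    """Assumed barcode payload: SHA-256 of the public value."""
    return hashlib.sha256(public_value.to_bytes(16, "big")).hexdigest()

def wireless(value, attacker_value=None):
    """The wireless link: an active attacker may swap the value in transit."""
    return value if attacker_value is None else attacker_value

def exchange(mitm):
    """Run one bidirectional exchange; return (a_accepts, b_accepts, keys_match)."""
    x, gx = keypair()   # Alice
    y, gy = keypair()   # Bob
    _, gm = keypair()   # value a man-in-the-middle would substitute

    # Visual channel: each phone photographs the other's barcode. Per the
    # security-analysis slide, the attacker cannot actively alter this channel.
    barcode_a, barcode_b = commitment(gx), commitment(gy)

    # Wireless channel: public values are sent in the clear and may be replaced.
    seen_by_bob = wireless(gx, gm if mitm else None)
    seen_by_alice = wireless(gy, gm if mitm else None)

    # Each side accepts only a value that matches the barcode it scanned.
    b_accepts = commitment(seen_by_bob) == barcode_a
    a_accepts = commitment(seen_by_alice) == barcode_b

    key_a = pow(seen_by_alice, x, N)   # (g^y mod n)^x mod n
    key_b = pow(seen_by_bob, y, N)     # (g^x mod n)^y mod n
    return a_accepts, b_accepts, key_a == key_b
```

Without the barcode check, the substituted exchange would complete silently with Alice and Bob each holding a key shared with the attacker rather than with each other.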