Seeing-Is-Believing: using camera phones for human-verifiable authentication

Jonathan M. McCune, Adrian Perrig and Michael K. Reiter

Int. J. Security and Networks

Payas Gupta

Problem

How do we authenticate each other on daily basis?By seeing each other

In real-life we do authenticate to various devices using

Physical connection such as cable Cumbersome to carry with you all the time Not feasible

Wireless communication Invisible to humans Open to MITM attacks

Infrared rays etc…

Problem

MITM attackAn out-of-band communication channel that provides authenticity suffices to defeat MITM attacks.

Diffie and Hellman key establishment

The challenge is to construct this kind of channelMany techniques provide key exchange but all require a shared secret password between the two entities, which may be cumbersome to establish in many mobile settings.

May be manual transmission or comparison.

Seeing-Is-Believing (SiB)

A visual channel to achieve demonstrating identification of communicating devices.

In SiB, one device uses its camera to take a snapshot of a barcode encoding cryptographic material identifying, e.g., the public key of another device.

We term this a visual channel.

Seeing-Is-Believing (SiB)

In SiB, a mobile phone’s integrated camera serves as a visual channel to provide demonstrative identification

Meaning the property that the user is sure her device is communicating with that other device.In SiB this is done visuallyDefeating MITM attacks and can authenticate and exchange keys.

What better way for a user to tell device A that it should communicate securely with device B than to take a picture of device B using device A’s integrated camera?

Find mode

Show mode In later sections we will discuss on using SiB with

devices that may be lacking a display or a camera or Both

AssumptionsMobile phone is not compromisedMobile phones are secure against active adversaries

2D barcodes as a visual channel

Bob use his camera in viewfinder mode Updating the image in real time Once barcode is recognized, stop Barcode recognition and error-correcting

algorithms

Pre-authentication

Can a device of type X authenticate a device of type Y?

Camera

Display

Bidirectional authentication

Both devices should have cameras

Privacy can be protected by avoiding the transmission of their public key on the wireless network.

Key can be encoded in a barcode directly , or in a sequence of barcodes if a single barcode has insufficient data capacity.

Unidirectional Authentication

Device X has a camera and device Y lacks a display and a camera.

Mobile phone with camera and802.11 Access Point (AP)

Device Y must be equipped with a long-term public/private keypair, and a sticker containing a barcode of a commitment to its public key must be affixed to its housing.

As device Y is displayless, so per-interaction public keys no longer applies.

Example – Printer in a public place

Presence Confirmation

A display-only device (cameraless, but display equipped) is unable to strongly authenticate other devices using SiB.

But they can obtain a property called ‘presence’.Meaning confirming the presence of some other device in line-of-sight with its display.

Presence confirmation

TV wants to authenticate DVD Player Both are cameraless devices, but equipped with

display. A user can use SiB to stringly authenticate the DVD

player to her phone through the barcode attached to the DVD player.

She can demonstrate the DVD player’s presence to the TV by sending it the public key of the DVD player, along with a MAC over the DVD player’s public key.

Presence property is quite weakThe display-only device has no way of knowing how many device can see its display.It can only compute MAC over the data receivedAnd can measure the time delay between the displaying the barcode and receiving the MAC on the wireless channel.

Implementation Details

Application was developed on Series 60 phones File size 52 KB

For a secure and usable Sib exchange, Show device needs to convey

48 bits of Bluetooth address160 bits of SHA-1 output

Visual Code barcode has a useful datacapacity of only 68 bits

So need 4 barcodes to accommodate all

Application of Seeing-Is-Believing

Seeing-Is-Believing and the Grey Project SiB has been in use at Carnegie Mellon for several

years (around 5-6)

Group Key establishmentIt is same as bidirectional authentication using SiBBut noticed few difficulties in using

User’s usually switch to other phones without completing the second half of authentication

Security Analysis

CryptographyImplementation uses cycling barcodes that provide sufficient bandwidth to convey a full 160-bit SHA-1 hash.

Barcodes need to be secure against active attacks, which can be achieved using SiB.

Selecting an authentication channel COTS – Commercial Off-The-Shelf products

Attacks against SiB

A sophisticated adversary may be able to measure emitted electromagnetic radiation (Kuhn and Anderson, 1998), or to assemble the contents of the CRT by looking at reflected light from the CRT (Kuhn, 2002).

An attacker can disrupt the lighting conditions in an attempt to disrupt SiB.

A more sophisticated, and subtle, attack is to use infrared radiation or a carefully aimed laser to overwhelm the CCD in a phone’s camera.

Concluding Remarks

Nice and interesting approach of authentication. Analysed the establishment of secure,

authenticated sessions between SiB-enabled devices and devices missing either a camera, a display, or both, and found that secure communication is possible in many situations.

The visual channel has the desirable property that it provides demonstrative identification of the communicating parties.