ABSTRACT
A communication channel established from a display to a device's camera is known as a visual channel, and is helpful in securing key exchange protocols [16]. In this paper, we study how a visual channel can be exploited by a network terminal and a mobile device to jointly verify information in an interactive session, and how such information can be jointly presented in a user-friendly manner, taking into account that the mobile device can only capture and display a small region. Motivated by applications in kiosk computing and multi-factor authentication, we consider three security models: (1) the mobile device is trusted, (2) at most one of the terminal or the mobile device is dishonest, and (3) both the terminal and the device are dishonest but they do not collude or communicate. We give a few protocols and investigate them under the above-mentioned models. We point out a form of replay attack that renders some other straightforward implementations cumbersome to use. To enhance user-friendliness, we propose a solution using visual cues embedded into the 2D barcodes and incorporate the framework of "augmented reality" for easy verification through visual inspection. We give a proof-of-concept implementation to show that our scheme is feasible in practice.
References
- QR Code (2000). International Organization for Standardization: Information Technology-Automatic Identification and Data Capture Techniques-Bar Code Symbology-QR Code. 2000.
- M. Bellare and C. Namprempre. Authenticated encryption: Relations among notions and analysis of the generic composition paradigm. Journal of Cryptology, pages 469--491, 2008.
- R. C. Bose and D. K. Ray-Chaudhuri. On a class of error correcting binary group codes. Information and control, pages 68--79, 1960.
- C. H. Chu, D. N. Yang, and M. S. Chen. Image stabilization for 2d barcode in handheld devices. In Proceedings of the 15th international conference on Multimedia, pages 706--715, 2007.
- D. E. Clarke, B. Gassend, T. Kotwal, M. Burnside, M. Dijk, S. Devadas, and R. L. Rivest. The untrusted computer problem and camera-based authentication. In Proceedings of the First International Conference on Pervasive Computing, pages 114--124, 2002.
- J. P. Collomosse and T. Kindberg. Screen codes: visual hyperlinks for displays. In workshop on Mobile computing systems and applications, pages 86--90, 2008.
- E. Costanza and J. Huang. Designable visual markers. In Proceedings of the 27th international conference on Human factors in computing systems, pages 1879--1888, 2009.
- E. Costanza and J. Robinson. A region adjacency tree approach to the detection and design of fiducials. Vision, Video and Graphics, pages 63--70, 2003.
- E. Costanza, S. B. Shelley, and J. Robinson. Introducing audio d-touch: A tangible user interface for music composition and performance. In Proceedings of the International Conference on Digital Audio Effects, pages 8--11, 2003.
- S. Garriss, R. Cáceres, S. Berger, R. Sailer, L. van Doorn, and X. Zhang. Trustworthy and personalized computing on public kiosks. In Proceeding of the 6th international conference on Mobile systems, applications, and services, pages 199--210, 2008.
- S. Garriss, R. Sailer, R. Caceres, L. van Doorn, S. Berger, and X. Zhang. Towards trustworthy kiosk computing. In Workshop on Mobile Computing Systems and Applications, pages 41--45, 2007.
- M. A. Jacobs and M. A. Insero. Method and apparatus for downloading information from a controllable light source to a portable information device, 1996. US Patent 5,535,147.
- B. Kauer. OSLO: Improving the security of Trusted Computing. In Proceedings of 16th USENIX security symposium on usenix security symposium, pages 1--9, 2007.
- E. Klopfer and K. Squire. Environmental detectives -- the development of an augmented reality platform for environmental simulations. Educational Technology Research and Development, pages 203--228, 2008.
- C. Y. Lin and S. F. Chang. Semi-fragile watermarking for authenticating JPEG visual content. In Proceedings of SPIE, volume 3971, pages 140--151, 2000.
- J. M. McCune, A. Perrig, and M. K. Reiter. Seeing-is-believing: using camera phones for human-verifiable authentication. In IEEE Symposium on Security and Privacy, pages 110--124, 2005.
- E. M. Or and D. Pundik. Hand motion and image stabilization in hand-held devices. IEEE Transactions on Consumer Electronics, pages 1508--1512, 2007.
- D. Parikh and G. Jancke. Localization and segmentation of a 2d high capacity color barcode. In IEEE Workshop on Applications of Computer Vision, pages 1--6, 2008.
- J. Rekimoto and Y. Ayatsuka. Cybercode: designing augmented reality environments with visual tags. In Proceedings of DARE 2000 on Designing augmented reality environments, pages 1--10, 2000.
- R. Sharp, J. Scott, and A. R. Beresford. Secure mobile computing via public terminals. Pervasive Computing, pages 238--253, 2006.
- M. Sorel and J. Flusser. Blind restoration of images blurred by complex camera motion and simultaneous recovery of 3d scene structure. In Signal Processing and Information Technology, pages 737--742, 2005.
- K. Squire and M. Jan. Mad city mystery: Developing scientific argumentation skills with a place-based augmented reality game on handheld computers. Journal of Science Education and Technology, pages 5--29, 2007.
- G. Takacs, V. Chandrasekhar, N. Gelfand, Y. Xiong, W. C. Chen, T. Bismpigiannis, R. Grzeszczuk, K. Pulli, and B. Girod. Outdoors augmented reality on mobile phone using loxel-based visual feature organization. pages 427--434, 2008.
- F. L. Wong and F. Stajano. Multi-channel protocols. In Security protocols: 13th international workshop, pages 112--127, 2007.
Index Terms
- Securing interactive sessions using mobile device through visual channel and visual inspection