Seeing-Is-Believing: Using Camera Phones for Human-Verifiable Authentication. Jonathan M. McCune, Adrian Perrig, Michael K. Reiter, Carnegie Mellon University.

Presentation transcript:

Seeing-Is-Believing: Using Camera Phones for Human-Verifiable Authentication. Jonathan M. McCune, Adrian Perrig, Michael K. Reiter, Carnegie Mellon University, 2005. Presenter: 張淯閎

Outline
- Related works
- Authentication
- Barcode Recognition with Camera Phones
- Seeing-Is-Believing

Authentication
- Authentication between two co-located entities with no prior trust relationships.
- Public key infrastructure relies on trusted certifiers.
- Diffie-Hellman key
- Man-in-the-middle
- Encrypted key exchange

Barcode Recognition with Camera Phones
- SiB depends on a camera phone that can recognize 2D barcodes.
- 2D codes used in mobile phones can be read from electronic screens and printed paper (Rohs and Gfeller).
- Semacode, which is a Data Matrix barcode standard (Woodside).
- HP Labs proposes tagging electronics with barcodes to be read by camera phones.

Seeing-Is-Believing
- A mobile phone's integrated camera serves as a visual channel to provide identification of communicating devices.
- The user identifies the other device visually.
- With 2D barcodes

Pre-Authentication and the Visual Channel
- SiB uses a visual channel instead of an invisible channel, thus adding a direct human factor.
- Pre-authentication data is used by both communicating parties in any standard public-key protocol over the wireless link (Figure 1).

Figure 1. Pre-authentication over the visual channel. Ka is A's public key, which can be either long-term or ephemeral, depending on the protocol.

Bidirectional Authentication
- Without a trusted authority
- Diffie-Hellman key exchange to establish a shared secret
- Mutually authenticate one another's public keys

Unidirectional Authentication
Figure 2. Can a device of type X authenticate a device of type Y? We consider devices with cameras and displays (CD), cameras only (C), displays only (D), and neither (N).

SiB For Example

Security Analysis
- Assumption that an attacker is unable to perform an active attack on the visual channel.
- Unable to compromise the mobile device itself.
- Cryptography
- Selecting an Authentication Channel

Conclusion
- SiB is a system that uses barcodes and camera phones as a visual channel for human-verifiable authentication.
- The visual channel provides demonstrative identification of communicating parties, which gives the user assurance about her device.
- SiB characteristic

Diffie-Hellman key exchange
- $n$, $g$: public values
- Each side has its own value, $x$ and $y$ (each must be a large number).
- Compute the secret key $g^{xy}$
- Alice sends Bob: $n$, $g$, $g^x \bmod n$
- Bob sends Alice: $g^y \bmod n$
- Alice computes: $(g^y \bmod n)^x = g^{xy} \bmod n$
- Bob computes: $(g^x \bmod n)^y = g^{xy} \bmod n$
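
An added example, not taken from the slides or from the SiB authors' code, tying the Diffie-Hellman slide to the pre-authentication slide: it runs the exchange with and without a man-in-the-middle on the wireless link, and shows that checking the received public value against data read over the visual channel rejects the substituted value. Assumptions: the barcode carries a SHA-256 digest of the sender's public value, the modulus is a toy 127-bit prime, and all function names are hypothetical.

```python
import hashlib
import secrets

# Toy public parameters chosen for this example (not from the slides).
# A 127-bit modulus is far too small for real use.
N = 2**127 - 1
G = 3

def dh_keypair():
    """Return (x, g^x mod n) with x drawn at random from [2, n-2]."""
    x = secrets.randbelow(N - 3) + 2
    return x, pow(G, x, N)

def commitment(pub):
    """Digest a device would show as a 2D barcode (assumed encoding)."""
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()

def session_key(own_secret, peer_pub, scanned=None):
    """Compute g^xy mod n; if a barcode was scanned, check peer_pub against it first."""
    if scanned is not None and commitment(peer_pub) != scanned:
        raise ValueError("wireless public value does not match scanned barcode")
    shared = pow(peer_pub, own_secret, N)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def run_exchange(mitm, use_barcode):
    """Simulate Alice and Bob; return 'shared', 'intercepted', 'mismatch' or 'rejected'."""
    a_sec, a_pub = dh_keypair()
    b_sec, b_pub = dh_keypair()
    m_sec, m_pub = dh_keypair()  # attacker's key pair on the wireless link
    # Visual channel: assumed immune to active attack, as on the Security Analysis slide.
    a_code = commitment(a_pub) if use_barcode else None
    b_code = commitment(b_pub) if use_barcode else None
    # Wireless channel: the attacker may replace both public values with its own.
    a_recv = m_pub if mitm else b_pub
    b_recv = m_pub if mitm else a_pub
    try:
        k_a = session_key(a_sec, a_recv, b_code)
        k_b = session_key(b_sec, b_recv, a_code)
    except ValueError:
        return "rejected"
    if k_a == k_b:
        return "shared"
    # Keys differ: check whether Alice in fact shares her key with the attacker.
    return "intercepted" if k_a == session_key(m_sec, a_pub) else "mismatch"

if __name__ == "__main__":
    for mitm in (False, True):
        for use_barcode in (False, True):
            print(f"mitm={mitm} barcode={use_barcode}: {run_exchange(mitm, use_barcode)}")
```
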