Please use this identifier to cite or link to this item:
|Title:||Securing interactive sessions using mobile device through visual channel and visual inspection|
|Citation:||Fang, C.,Chang, E.-C. (2010). Securing interactive sessions using mobile device through visual channel and visual inspection. Proceedings - Annual Computer Security Applications Conference, ACSAC : 69-78. ScholarBank@NUS Repository. https://doi.org/10.1145/1920261.1920272|
|Abstract:||Communication channel established from a display to a device's camera is known as visual channel, and is helpful in securing key exchange protocol . In this paper, we study how visual channel can be exploited by a network terminal and mobile device to jointly verify information in an interactive session, and how such information can be jointly presented in a user-friendly manner, taking into account that the mobile device can only capture and display a small region. Motivated by applications in Kiosk computing and multi-factor authentication, we consider three security models: (1) the mobile device is trusted, (2) at most one of the terminal or the mobile device is dishonest, and (3) both the terminal and device are dishonest but they do not collude or communicate. We give a few protocols and investigate them under the abovementioned models. We point out a form of replay attack that renders some other straightforward implementations cumbersome to use. To enhance user-friendliness, we propose a solution using visual cues embedded into the 2D barcodes and incorporate the framework of "augmented reality" for easy verifications through visual inspection. We give a proof-of-concept implementation to show that our scheme is feasible in practice. Copyright 2010 ACM.|
|Source Title:||Proceedings - Annual Computer Security Applications Conference, ACSAC|
|Appears in Collections:||Staff Publications|
Show full item record
Files in This Item:
There are no files associated with this item.
checked on Feb 20, 2019
checked on Dec 29, 2018
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.