Seeing-Is-Believing: using camera phones
for human-verifiable authentication
Jonathan M. McCune, Adrian Perrig and Michael K. Reiter
Int. J. Security and Networks
Payas Gupta
Problem

How do we authenticate each other on daily basis?
By seeing each other

In real-life we do authenticate to various devices
using
Physical connection such as cable
 Cumbersome
 Not
to carry with you all the time
feasible
Wireless communication
 Invisible
to humans
 Open to MITM attacks
Infrared rays etc…
Problem

MITM attack
An out-of-band communication channel that provides
authenticity suffices to defeat MITM attacks.
 Diffie
and Hellman key establishment
The challenge is to construct this kind of channel
Many techniques provide key exchange but all require
a shared secret password between the two entities,
which may be cumbersome to establish in many
mobile settings.
May be manual transmission or comparison.
Seeing-Is-Believing (SiB)


A visual channel to achieve demonstrating
identification of communicating devices.
In SiB, one device uses its camera to take a snapshot
of a barcode encoding cryptographic material
identifying, e.g., the public key of another device.
We term this a visual channel.
Seeing-Is-Believing (SiB)

In SiB, a mobile phone’s integrated camera serves
as a visual channel to provide demonstrative
identification
Meaning the property that the user is sure her device is
communicating with that other device.
In SiB this is done visually
Defeating MITM attacks and can authenticate and
exchange keys.

What better way for a user to tell device A that it should communicate securely with
device B than to take a picture of device B using device A’s integrated camera?

In later sections we will discuss on using SiB with
Show mode
devices that may be lacking
a display or
a camera or
Both

Assumptions
Find mode
Mobile phone is not compromised
Mobile phones are secure against active adversaries
2D barcodes as a visual channel




Bob use his camera in viewfinder mode
Updating the image in real time
Once barcode is recognized, stop
Barcode recognition and error-correcting
algorithms
Pre-authentication
Can a device of type X
authenticate a device of type Y?
Display
Camera
Bidirectional authentication

Both devices should have cameras


Privacy can be protected by avoiding the
transmission of their public key on the wireless
network.
Key can be encoded in a barcode directly , or in a
sequence of barcodes if a single barcode has
insufficient data capacity.
Unidirectional Authentication

Device X has a camera and device Y lacks a display
and a camera.
Mobile phone with camera and
802.11 Access Point (AP)



Device Y must be equipped with a long-term
public/private keypair, and a sticker containing a
barcode of a commitment to its public key must be
affixed to its housing.
As device Y is displayless, so per-interaction public
keys no longer applies.
Example – Printer in a public place
Presence Confirmation


A display-only device (cameraless, but display
equipped) is unable to strongly authenticate other
devices using SiB.
But they can obtain a property called ‘presence’.
Meaning confirming the presence of some other device
in line-of-sight with its display.
Presence confirmation




TV wants to authenticate DVD Player
Both are cameraless devices, but equipped with
display.
A user can use SiB to stringly authenticate the DVD
player to her phone through the barcode attached
to the DVD player.
She can demonstrate the DVD player’s presence to
the TV by sending it the public key of the DVD
player, along with a MAC over the DVD player’s
public key.

Presence property is quite weak
The display-only device has no way of knowing how
many device can see its display.
It can only compute MAC over the data received
And can measure the time delay between the
displaying the barcode and receiving the MAC on the
wireless channel.
Implementation Details



Application was developed on Series 60 phones
File size 52 KB
For a secure and usable Sib exchange, Show device
needs to convey
48 bits of Bluetooth address
160 bits of SHA-1 output
Visual Code barcode has a useful data
capacity of only 68 bits
So need 4 barcodes to accommodate all

Application of Seeing-Is-Believing


Seeing-Is-Believing and the Grey Project
SiB has been in use at Carnegie Mellon for several
years (around 5-6)

Group Key establishment
It is same as bidirectional authentication using SiB
But noticed few difficulties in using
 User’s
usually switch to other phones without completing
the second half of authentication
Security Analysis

Cryptography
Implementation uses cycling barcodes that provide
sufficient bandwidth to convey a full 160-bit SHA-1
hash.
Barcodes need to be secure against active attacks,
which can be achieved using SiB.


Selecting an authentication channel
COTS – Commercial Off-The-Shelf products
Attacks against SiB



A sophisticated adversary may be able to measure
emitted electromagnetic radiation (Kuhn and Anderson, 1998),
or to assemble the contents of the CRT by looking at
reflected light from the CRT (Kuhn, 2002).
An attacker can disrupt the lighting conditions in an
attempt to disrupt SiB.
A more sophisticated, and subtle, attack is to use
infrared radiation or a carefully aimed laser to
overwhelm the CCD in a phone’s camera.
Concluding Remarks



Nice and interesting approach of authentication.
Analysed the establishment of secure, authenticated
sessions between SiB-enabled devices and devices
missing either a camera, a display, or both, and
found that secure communication is possible in
many situations.
The visual channel has the desirable property that
it provides demonstrative identification of the
communicating parties.