Secure device pairing based on a visual channel

Recently several researchers and practitioners have begun to address the problem of how to set up secure communication between two devices without the assistance of a trusted third party. McCune, et al. [4] proposed that one device displays the hash of its public key in the form of a barcode, and the other device reads it using a camera. Mutual authentication requires switching the roles of the devices and repeating the above process in the reverse direction. In this paper, we show how strong mutual authentication can be achieved even with a unidirectional visual channel, without having to switch device roles. By adopting recently proposed improved pairing protocols, we propose how visual channel authentication can be used even on devices that have very limited displaying capabilities

Pitfalls in Designing Zero-Effort Deauthentication: Opportunistic Human Observation Attacks

VK: Asokan, N.Deauthentication is an important component of any authentication system. The widespread use of computing devices in daily life has underscored the need for zero-effort deauthentication schemes. However, the quest for eliminating user effort may lead to hidden security flaws in the authentication schemes. As a case in point, we investigate a prominent zero-effort deauthentication scheme, called ZEBRA, which provides an interesting and a useful solution to a difficult problem as demonstrated in the original paper. We identify a subtle incorrect assumption in its adversary model that leads to a fundamental design flaw. We exploit this to break the scheme with a class of attacks that are much easier for a human to perform in a realistic adversary model, compared to the naive attacks studied in the ZEBRA paper. For example, one of our main attacks, where the human attacker has to opportunistically mimic only the victim’s keyboard typing activity at a nearby terminal, is significantly more successful compared to the naive attack that requires mimicking keyboard and mouse activities as well as keyboardmouse movements. Further, by understanding the design flaws in ZEBRA as cases of tainted input, we show that we can draw on well-understood design principles to improve ZEBRA’s security.Peer reviewe

Using contextual co-presence to strengthen Zero-Interaction Authentication:Design, integration and usability

Zero-Interaction Authentication (ZIA) refers to approaches that authenticate a user to a verifier (terminal) without any user interaction. Currently deployed ZIA solutions are predominantly based on the terminal detecting the proximity of the user’s personal device, or a security token, by running an authentication protocol over a short-range wireless communication channel. Unfortunately, this simple approach is highly vulnerable to low-cost and practical relay attacks which completely offset the usability benefits of ZIA. The use of contextual information, gathered via on-board sensors, to detect the co-presence of the user and the verifier is a recently proposed mechanism to resist relay attacks. In this paper, we systematically investigate the performance of different sensor modalities for co-presence detection with respect to a standard Dolev–Yao adversary. First, using a common data collection framework run in realistic everyday settings, we compare the performance of four commonly available sensor modalities (WiFi, Bluetooth, GPS, and audio) in resisting ZIA relay attacks, and find that WiFi is better than the rest. Second, we show that, compared to any single modality, fusing multiple modalities improves resilience against ZIA relay attacks while retaining a high level of usability. Third, we motivate the need for a stronger adversarial model to characterize an attacker who can compromise the integrity of context sensing itself. We show that in the presence of such a powerful attacker, each individual sensor modality offers very low security. Positively, the use of multiple sensor modalities improves security against such an attacker if the attacker cannot compromise multiple modalities simultaneously. Finally, based on our analysis, we integrate our contextual co-presence detection system with a real-world ZIA application, BlueProximity [1], so as to enhance its security against relay attacks. We describe the design of the BlueProximity++ application and present results from a small-scale user study that evaluated its effectiveness

On the security and usability of dynamic cognitive game CAPTCHAs

Existing CAPTCHA solutions are a major source of user frustration on the Internet today, frequently forcing companies to lose customers and business. Game CAPTCHAs are a promising approach which may make CAPTCHA solving a fun activity for the user. One category of such CAPTCHAs - called Dynamic Cognitive Game (DCG) CAPTCHA - challenges the user to perform a game-like cognitive (or recognition) task interacting with a series of dynamic images. Specifically, it takes the form of many objects floating around within the images, and the user's task is to match the objects corresponding to specific target(s), and drag/drop them to the target region(s). In this paper, we pursue a comprehensive analysis of DCG CAPTCHAs. We design and implement such CAPTCHAs, and dissect them across four broad but overlapping dimensions: (1) usability, (2) fully automated attacks, (3) human-solving relay attacks, and (4) hybrid attacks that combine the strengths of automated and relay attacks. Our study shows that DCG CAPTCHAs are highly usable, even on mobile devices and offer some resilience to relay attacks, but they are vulnerable to our proposed automated and hybrid attacks

A three-way investigation of a game-CAPTCHA: Automated attacks, relay attacks and usability

Existing captcha solutions on the Internet are a major source of user frustration. Game captchas are an interesting and, to date, littlestudied approach claiming to make captcha solving a fun activity for the users. One broad form of such captchas-called Dynamic Cognitive Game (DCG) captchas-challenge the user to perform a game-like cognitive task interacting with a series of dynamic images. We pursue a comprehensive analysis of a representative category of DCG captchas. We formalize, design and implement such captchas, and dissect them across: (1) fully automated attacks, (2) humansolver relay attacks, and (3) usability. Our results suggest that the studied DCG captchas exhibit high usability and, unlike other known captchas, offer some resistance to relay attacks, but they are also vulnerable to our novel dictionary-based automated attack