Multi-Device Key Management Using Visual Side Channels in Pervasive Computing Environments

Abstract

In the modern connected world, pervasive computing has become reality. Thanks to the ubiquity of mobile computing devices and emerging cloud-based services, the users permanently stay connected to their data. This introduces a slew of new security challenges, including the problem of multi-device key management and single-sign-on architectures. One solution to this problem is the utilization of secure side-channels for authentication, including the visual channel as vicinity proof. However, existing approaches often assume confidentiality of the visual channel, or provide only insufficient means of mitigating a man-in-the-middle attack. In this work, we introduce QR-Auth, a two-step, 2D barcode based authentication scheme for mobile devices which aims specifically at key management and key sharing across devices in a pervasive environment. It requires minimal user interaction and therefore provides better usability than most existing schemes, without compromising its security. We show how our approach fits in existing authorization delegation and one-time-password generation schemes, and that it is resilient to man-in-the-middle attacks.

@INPROCEEDINGS{Baty1110:Multi,
AUTHOR="Leonid Batyuk and Seyit A. Camtepe and Sahin Albayrak",
TITLE="{Multi-Device} Key Management Using Visual Side Channels in Pervasive
Computing Environments",
BOOKTITLE="Sixth International Conference on Broadband and Wireless Computing,
Communication and Applications (BWCCA 2011)",
ADDRESS="BARCELONA, Spain",
DAYS=26,
MONTH=oct,
YEAR=2011,
KEYWORDS="mobile; smartphones; key management; authentication; 2D barcode; pervasive
computing; ubiquitous computing;",
ABSTRACT="In the modern connected world, pervasive computing has become reality.
Thanks to the ubiquity of mobile computing devices and emerging cloud-based
services, the users permanently stay connected to their data. This
introduces a slew of new security challenges, including the problem of
multi-device key management and single-sign-on architectures. One solution
to this problem is the utilization of secure side-channels for
authentication, including the visual channel as vicinity proof. However,
existing approaches often assume confidentiality of the visual channel, or
provide only insufficient means of mitigating a man-in-the-middle attack.
In this work, we introduce QR-Auth, a two-step, 2D barcode based
authentication scheme for mobile devices which aims specifically at key
management and key sharing across devices in a pervasive environment. It
requires minimal user interaction and therefore provides better usability
than most existing schemes, without compromising its security. We show how
our approach fits in existing authorization delegation and
one-time-password generation schemes, and that it is resilient to
man-in-the-middle attacks."
}
Authors:
Leonid Batyuk, Seyit Ahmet Camtepe, Sahin Albayrak
Category:
Conference Paper
Year:
2011
Location:
Proceedings of the Sixth International Conference on Broadband and Wireless Computing, Communication and Applications (BWCCA 2011)