Multi-device key management using visual side channels in pervasive computing environments

Batyuk, Leonid, Camtepe, Seyit A., & Albayrak, Sahin (2011) Multi-device key management using visual side channels in pervasive computing environments. In Proceedings of the International Conference on Broadband and Wireless Computing, Communication and Applications (BWCCA 2011), IEEE Conference Publications, Barcelona, Spain, pp. 207-214.

View at publisher

Abstract

In the modern connected world, pervasive computing has become reality. Thanks to the ubiquity of mobile computing devices and emerging cloud-based services, the users permanently stay connected to their data. This introduces a slew of new security challenges, including the problem of multi-device key management and single-sign-on architectures. One solution to this problem is the utilization of secure side-channels for authentication, including the visual channel as vicinity proof. However, existing approaches often assume confidentiality of the visual channel, or provide only insufficient means of mitigating a man-in-the-middle attack. In this work, we introduce QR-Auth, a two-step, 2D barcode based authentication scheme for mobile devices which aims specifically at key management and key sharing across devices in a pervasive environment. It requires minimal user interaction and therefore provides better usability than most existing schemes, without compromising its security. We show how our approach fits in existing authorization delegation and one-time-password generation schemes, and that it is resilient to man-in-the-middle attacks.

Impact and interest:

2 citations in Scopus
Search Google Scholar™

Citation counts are sourced monthly from Scopus and Web of Science® citation databases.

These databases contain citations from different subsets of available publications and different time periods and thus the citation count from each is usually different. Some works are not in either database and no count is displayed. Scopus includes citations from articles published in 1996 onwards, and Web of Science® generally from 1980 onwards.

Citations counts from the Google Scholar™ indexing service can be viewed at the linked Google Scholar™ search.

ID Code: 58293
Item Type: Conference Paper
Refereed: Yes
Keywords: authorisation, mobile computing, 2D barcode based authentication scheme, key sharing, man-in-the-middle
DOI: 10.1109/BWCCA.2011.33
ISBN: 9781457714559
Subjects: Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > COMPUTER SOFTWARE (080300) > Computer System Security (080303)
Divisions: Current > Schools > School of Electrical Engineering & Computer Science
Past > Institutes > Information Security Institute
Current > QUT Faculties and Divisions > Science & Engineering Faculty
Copyright Owner: Copyright 2011 IEEE
Deposited On: 15 Mar 2013 00:02
Last Modified: 12 Jun 2013 15:37

Export: EndNote | Dublin Core | BibTeX

Repository Staff Only: item control page