Center for Cyber-Security and Privacy 1
Loud And Clear Security
Michael T. Goodrich, Michael Sirivianos, John Solis, Gene Tsudik and Ersin Uzun.
{goodrich,msirivia,jsolis,gts,euzun}@ics.uci.edu
Problem Statement
• Authentication of communication channels between devices that lack any previous secure association.
[Figure: Alice, Bob, Eve]
Challenges
• Human verifiable authentication.
• Introduce user in the authentication loop.
• No previous shared secrets.
• No online or offline authority.
• Limited computational resources on portable devices.
• Support for multiple broadcast mediums.
Previous Approaches
• Human Comparable Visual Hashes
  • Cumbersome Task
  • High Error Rate
• Seeing is Believing
  • 2D barcodes to authenticate devices with camera phones
  • Many devices lack a camera or barcode scanner
  • Need graphical display or sticker
  • Visually-impaired users
  • Poor visibility scenarios (e.g., smoke, darkness)
  • Requires sufficiently clear picture
Our Solution: L&C
• Audio channel for human-assisted authentication of previously un-associated devices
• Derive auditorially-robust, syntactically correct sentence (MadLib) from hash of a public key
• Vocalize sentence
• Combine vocalization on one (or both) devices with the display of the same information on other device
• Suitable for secure device pairing (e.g., key exchange) and similar tasks
• Only need speaker on one device and small (text) display on the other
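The derivation described on this slide, as an added example (not code from the L&C authors or their implementation): a hash of the public key selects one word per slot of a sentence template, and each device derives the sentence independently so the user can compare what is heard with what is displayed. The word lists, the template, the 3-bit slots and the use of SHA-256 are assumptions made for illustration.

```python
import hashlib

# Constructed word lists (assumption, not the L&C vocabulary): 8 words per
# slot, so each slot carries 3 bits of the hash.
SLOTS = ("name", "verb", "adj", "noun", "adv")
WORDS = {
    "name": ["Anna", "Boris", "Clara", "David", "Elena", "Felix", "Greta", "Hugo"],
    "verb": ["paints", "carries", "follows", "washes", "finds", "trades", "hides", "lifts"],
    "adj":  ["purple", "tiny", "frozen", "noisy", "golden", "broken", "silent", "heavy"],
    "noun": ["ladder", "piano", "window", "basket", "tractor", "candle", "blanket", "hammer"],
    "adv":  ["slowly", "twice", "outside", "daily", "quietly", "upstairs", "gladly", "tonight"],
}
TEMPLATE = "{name} {verb} the {adj} {noun} {adv}."
BITS_PER_SLOT = 3


def sentence_from_digest(digest: bytes) -> str:
    """Fill the template from the leading bits of a hash digest."""
    value = int.from_bytes(digest, "big")
    shift = len(digest) * 8
    fills = {}
    for slot in SLOTS:
        shift -= BITS_PER_SLOT  # consume the next 3 bits, most significant first
        fills[slot] = WORDS[slot][(value >> shift) & (2**BITS_PER_SLOT - 1)]
    return TEMPLATE.format(**fills)


def madlib(public_key: bytes) -> str:
    """Sentence a device would vocalize or display for this public key."""
    return sentence_from_digest(hashlib.sha256(public_key).digest())


def checked_bits() -> int:
    """Number of hash bits the human comparison actually covers."""
    return BITS_PER_SLOT * len(SLOTS)


def user_accepts(spoken: str, displayed: str) -> bool:
    """The user's comparison of the vocalized sentence with the displayed one."""
    return spoken == displayed


if __name__ == "__main__":
    key_sent = b"constructed-public-key-of-target-device"  # constructed sample
    key_received = key_sent  # the key as seen by the personal device
    print(madlib(key_sent))
    print(user_accepts(madlib(key_sent), madlib(key_received)))
    print(checked_bits(), "bits checked")
```

With these constructed lists the user checks only 15 bits of the hash; larger word lists or more slots raise that number.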
Sample Use Scenarios
Personal Device / Target Device
• Cell phone: speaker & small display
• Handheld/PDA: speaker & display
• Smart Watch: tiny speaker & tiny display
• MP3 player: audio out & no display
• Printer or FAX: speaker & small display
• Base Station: no speaker & no display
Mutual authentication possibly required
L&C Use Types
• TYPE 1: Hear and compare two audible sequences, one from each device.
• TYPE 2: Hear audible sequence from target device, compare it to text displayed by personal device.
• TYPE 3: Hear audible sequence from personal device, compare it to text displayed by target device.
• TYPE 4: Compare text displayed on each device.
Implementation-Performance
Programming System
• Built on highly-portable Ewe Java VM.
• Runs on any Pocket or Windows PC.
TTS Engine
• Can use any portable TTS engine
• Digit for PC and Pocket PC (uses Elan Speech Engine)
• Now porting Sun’s Java FreeTTS and JSAPI to Ewe
L&C Processing times in ms