Go anywhere: user-verifiable authentication over distance-free channel for mobile devices

Current mobile technology gives us ubiquitous services with personal mobile devices such as smart phones, tablet PCs, and laptops. With these mobile devices, the human users may wish to exchange sensitive data with others (e.g., their friends or their colleagues) over a secure channel. Public key cr...

Full description

Saved in:
Bibliographic Details
Published in:Personal and ubiquitous computing 2013-06, Vol.17 (5), p.933-943
Main Authors: Kang, Sukin, Kim, Jonguk, Hong, Manpyo
Format: Article
Language:English
Subjects:
Authentication
Authentication protocols
Channels
Computer Science
Cryptography
Devices
Human
Information systems
Mobile communication systems
Mobile Computing
Network security
Original Article
Personal Computing
Prototypes
Smartphones
User Interfaces and Human Computer Interaction
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Current mobile technology gives us ubiquitous services with personal mobile devices such as smart phones, tablet PCs, and laptops. With these mobile devices, the human users may wish to exchange sensitive data with others (e.g., their friends or their colleagues) over a secure channel. Public key cryptography is a good solution for establishing this secure channel. However, it is vulnerable to man-in-the-middle attack, if the entities have no shared information. A number of techniques based on human-assisted out-of-band channels have been proposed to solve this problem. Unfortunately, these works have a common shortcoming: The human users must be colocated in close proximity. In this paper, we focus on how to construct a distance - free channel , which is not location - limited for establishing a secure channel between two users (devices). The proposed distance-free channel provides identification and authentication of the devices at the different locations using taken pictures or pre-stored images. The human user participates in the authentication process by sending and verifying an image. We describe the prototype implementation operated on a smart phone and show the experimental results when actually two smart phones share a common key using Diffie–Hellman key agreement over the proposed distance-free channel.
ISSN:1617-4909
1617-4917
DOI:10.1007/s00779-012-0531-4