research-article

Using mobile device screens for authentication

Authors:

Andrea Bianchi,

Ian Oakley,

Dong Soo KwonAuthors Info & Claims

OzCHI '11: Proceedings of the 23rd Australian Computer-Human Interaction Conference

Pages 50 - 53

https://doi.org/10.1145/2071536.2071542

Published: 28 November 2011 Publication History

Get Access

Abstract

Authentication in public spaces, such as ATM PIN entry, is inherently susceptible to security attacks based on observation in person or via cameras. This paper addresses this problem with a system which allows users to enter a PIN on a standard mobile phone and then transmit it securely for authentication using modulated patterns of light shown on the screen and sensed by a cheap bespoke receiver unit. No pre-pairing is required as physical proximity guarantees security. The paper presents several hardware and software variations, evaluates the technical soundness of the system, and presents two user studies addressing usability and security against observation attacks.

References

[1]

Anderson, R., Why cryptosystems fail. In Proc. ACM CCS'93, pp. 215--227, 1993

Digital Library

Google Scholar

[2]

Balfanz, D., Smetters, D. K., Stewart, P., Wong., H. C., Talking to strangers. In Proc. NDSS 2002, pp.23--35.

Google Scholar

[3]

Brooke, J., SUS: a "quick and dirty" usability scale. In Usability Evaluation in Ind. Taylor & Francis, 1996.

Google Scholar

[4]

Kainda, R., Flechais, I., and Roscoe, A. W. Usability and security of out-of-band channels in secure device pairing protocols. In Proc. of SOUPS '09, pp. 1--12.

Digital Library

Google Scholar

[5]

Kindberg, T., Zhang, K., Secure spontaneous devices association. In Proc. UbiComp 2003, pp 124--131.

Crossref

Google Scholar

[6]

Kobsa, A., Sonawalla, R., Tsudik, G., Uzun, E., Wang, Y., Serial hook-ups: a comparative usability study of secure device pairing methods. In Proc. of SOUPS '09.

Digital Library

Google Scholar

[7]

Mayrhofer, R., Welch, M.: A human-verifiable authentication protocol using visible laser light. In: Proc. Conf. on Availability, Reliability & Security, 2007

Digital Library

Google Scholar

[8]

Mccune, J. M., Perrig, A., Reiter, M. K., Seeing-is-believing. In Proc. of Symposium on Security and Privacy, IEEE, pp. 110--124, 2005.

Digital Library

Google Scholar

[9]

Saxena, N., Ekberg, J. E., Kostiainen, K., Asokan, N., Secure device pairing based on a visual channel, IEEE Symposium on Security and Privacy, 2006.

Digital Library

Google Scholar

[10]

Stajano, F., Anderson, R. J., The resurrecting duckling: Security issues for ad-hoc wireless networks. 7th Security Protocols Workshop, LNCS 1796, pp.172--194.

Digital Library

Google Scholar

Cited By

View all

Mathis FVaniea KKhamis M(2021)Prototyping Usable Privacy and Security Systems: Insights from ExpertsInternational Journal of Human–Computer Interaction10.1080/10447318.2021.1949134(1-23)Online publication date: 5-Aug-2021
https://doi.org/10.1080/10447318.2021.1949134
Goyal MSrivastava D(2021)A Behaviour‐Based Authentication to Internet of Things Using Machine LearningDesign and Development of Efficient Energy Systems10.1002/9781119761785.ch14(245-263)Online publication date: 15-Apr-2021
https://doi.org/10.1002/9781119761785.ch14
Mahadi NMohamed MMohamad AMakhtar MKadir MMamat M(2018)A Survey of Machine Learning Techniques for Behavioral-Based Biometric User AuthenticationRecent Advances in Cryptography and Network Security10.5772/intechopen.76685Online publication date: 31-Oct-2018
https://doi.org/10.5772/intechopen.76685
Show More Cited By

Index Terms

Using mobile device screens for authentication
1. Human-centered computing
  1. Human computer interaction (HCI)
    1. Interaction devices
      1. Touch screens

Recommendations

Secure remote user authentication scheme using bilinear pairings
WISTP'07: Proceedings of the 1st IFIP TC6 /WG8.8 /WG11.2 international conference on Information security theory and practices: smart cards, mobile and ubiquitous computing systems

In 2006, Das et al. proposed a remote user authentication scheme using the properties of bilinear pairings. The current paper, however, demonstrates that Das et al.'s scheme is still vulnerable to an impersonation attack and an off-line password ...
A non-interactive deniable authentication scheme based on designated verifier proofs

A deniable authentication protocol enables a receiver to identify the source of the given messages but unable to prove to a third party the identity of the sender. In recent years, several non-interactive deniable authentication schemes have been ...
A key authentication scheme with non-repudiation

In 1996, Horng and Yang proposed a key authentication scheme that requires no authorities. However, it is vulnerable to the guessing attack. An intruder can try out a password and forge the public key. To amend this problem, an improved authentication ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

OzCHI '11: Proceedings of the 23rd Australian Computer-Human Interaction Conference

November 2011

363 pages

ISBN:9781450310901

DOI:10.1145/2071536

Conference Chair:
Duncan Stevenson
Australian National University

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

SIGCHI: ACM Special Interest Group on Computer-Human Interaction

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 28 November 2011

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

OzCHI '11

Sponsor:

Human Factors & Ergonomics Soc

OzCHI '11: The Annual Meeting of the Australian Special Interest Group for Computer Human Interaction

November 28 - December 2, 2011

Canberra, Australia

Acceptance Rates

Overall Acceptance Rate 362 of 729 submissions, 50%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

7
Total Citations
View Citations
238
Total Downloads

Downloads (Last 12 months)3
Downloads (Last 6 weeks)0

Reflects downloads up to 01 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Mathis FVaniea KKhamis M(2021)Prototyping Usable Privacy and Security Systems: Insights from ExpertsInternational Journal of Human–Computer Interaction10.1080/10447318.2021.1949134(1-23)Online publication date: 5-Aug-2021
https://doi.org/10.1080/10447318.2021.1949134
Goyal MSrivastava D(2021)A Behaviour‐Based Authentication to Internet of Things Using Machine LearningDesign and Development of Efficient Energy Systems10.1002/9781119761785.ch14(245-263)Online publication date: 15-Apr-2021
https://doi.org/10.1002/9781119761785.ch14
Mahadi NMohamed MMohamad AMakhtar MKadir MMamat M(2018)A Survey of Machine Learning Techniques for Behavioral-Based Biometric User AuthenticationRecent Advances in Cryptography and Network Security10.5772/intechopen.76685Online publication date: 31-Oct-2018
https://doi.org/10.5772/intechopen.76685
Ruoti SRoberts BSeamons KGangemi ALeonardi SPanconesi A(2015)Authentication MeleeProceedings of the 24th International Conference on World Wide Web10.1145/2736277.2741683(916-926)Online publication date: 18-May-2015
https://dl.acm.org/doi/10.1145/2736277.2741683
Yoon HPark SLee K(2015)Exploiting Ambient Light Sensor for Authentication on Wearable Devices2015 Fourth International Conference on Cyber Security, Cyber Warfare, and Digital Forensic (CyberSec)10.1109/CyberSec.2015.27(95-100)Online publication date: Oct-2015
https://doi.org/10.1109/CyberSec.2015.27
Seifert JDe Luca ARukzio ERukzio E(2012)Don't queue up!Proceedings of the 11th International Conference on Mobile and Ubiquitous Multimedia10.1145/2406367.2406422(1-4)Online publication date: 4-Dec-2012
https://dl.acm.org/doi/10.1145/2406367.2406422
Bianchi AOakley IKwon D(2012)Counting clicks and beepsInteracting with Computers10.1016/j.intcom.2012.06.00524:5(409-422)Online publication date: 1-Sep-2012
https://dl.acm.org/doi/10.1016/j.intcom.2012.06.005

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Secure remote user authentication scheme using bilinear pairings

A non-interactive deniable authentication scheme based on designated verifier proofs

A key authentication scheme with non-repudiation