The Untrusted Computer Problem and Camera-Based Authentication
The use of computers in public places is increasingly common in everyday life. In using one of these computers, a user is trusting it to correctly carry out her orders. For many transactions, particularly banking operations, blind trust in a public terminal will not satisfy most users. In this paper the aim is therefore to provide the user with authenticated communication between herself and a remote trusted computer, via the untrusted computer.
After defining the authentication problem that is to be solved, this paper reduces it to a simpler problem. Solutions to the simpler problem are explored in which the user carries a trusted device with her. Finally, a description is given of two camera-based devices that are being developed.
Unable to display preview. Download preview PDF.
- 1.Martin Abadi, Michael Burrows, C. Kaufman, and Butler W. Lampson. Authentication and delegation with smart-cards. In Theoretical Aspects of Computer Software, pages 326–345, 1991.Google Scholar
- 2.M. Burnside, D. Clarke, T. Mills, A. Maywah, S. Devadas, and R. Rivest. Proxy-based security protocols in networked mobile devices. In Proceedings SAC, 2002.Google Scholar
- 3.Rachna Dhamija and Adrian Perrig. Dejà vu: A user study using images for authentication. In Proceedings of the 9th USENIX Security Symposium, 2000.Google Scholar
- 4.Nicholas J. Hopper and Manuel Blum. A secure human-computer authentication scheme.Google Scholar
- 5.Charlie Kaufman, Radia Perlman, and Mike Speciner. Network Security, Private Communication in a Public World. Prentice Hall PTR, 1995.Google Scholar
- 6.H. Krawczyk, M. Bellare, and R. Canetti. RFC 2104: HMAC: Keyed-hashing for message authentication, February 1997. Status: INFORMATIONAL.Google Scholar
- 7.Tsutomu Matsumoto. Human identification through insecure channel. In Theory and Application of Cryptographic Techniques, pages 409–421, 1991.Google Scholar
- 8.Tsutomu Matsumoto. Human-computer cryptography: An attempt. In ACM Conference on Computer and Communications Security, pages 68–75, 1996.Google Scholar
- 9.Moni Naor and Benny Pinkas. Visual authentication and identification. In CRYPTO, pages 322–336, 1997.Google Scholar