The Untrusted Computer Problem and Camera-Based Authentication

  • Dwaine Clarke
  • Blaise Gassend
  • Thomas Kotwal
  • Matt Burnside
  • Marten van Dijk
  • Srinivas Devadas
  • Ronald Rivest
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2414)

Abstract

The use of computers in public places is increasingly common in everyday life. In using one of these computers, a user is trusting it to correctly carry out her orders. For many transactions, particularly banking operations, blind trust in a public terminal will not satisfy most users. In this paper the aim is therefore to provide the user with authenticated communication between herself and a remote trusted computer, via the untrusted computer.

After defining the authentication problem that is to be solved, this paper reduces it to a simpler problem. Solutions to the simpler problem are explored in which the user carries a trusted device with her. Finally, a description is given of two camera-based devices that are being developed.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Martin Abadi, Michael Burrows, C. Kaufman, and Butler W. Lampson. Authentication and delegation with smart-cards. In Theoretical Aspects of Computer Software, pages 326–345, 1991.Google Scholar
  2. 2.
    M. Burnside, D. Clarke, T. Mills, A. Maywah, S. Devadas, and R. Rivest. Proxy-based security protocols in networked mobile devices. In Proceedings SAC, 2002.Google Scholar
  3. 3.
    Rachna Dhamija and Adrian Perrig. Dejà vu: A user study using images for authentication. In Proceedings of the 9th USENIX Security Symposium, 2000.Google Scholar
  4. 4.
    Nicholas J. Hopper and Manuel Blum. A secure human-computer authentication scheme.Google Scholar
  5. 5.
    Charlie Kaufman, Radia Perlman, and Mike Speciner. Network Security, Private Communication in a Public World. Prentice Hall PTR, 1995.Google Scholar
  6. 6.
    H. Krawczyk, M. Bellare, and R. Canetti. RFC 2104: HMAC: Keyed-hashing for message authentication, February 1997. Status: INFORMATIONAL.Google Scholar
  7. 7.
    Tsutomu Matsumoto. Human identification through insecure channel. In Theory and Application of Cryptographic Techniques, pages 409–421, 1991.Google Scholar
  8. 8.
    Tsutomu Matsumoto. Human-computer cryptography: An attempt. In ACM Conference on Computer and Communications Security, pages 68–75, 1996.Google Scholar
  9. 9.
    Moni Naor and Benny Pinkas. Visual authentication and identification. In CRYPTO, pages 322–336, 1997.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Dwaine Clarke
    • 1
  • Blaise Gassend
    • 1
  • Thomas Kotwal
    • 1
  • Matt Burnside
    • 1
  • Marten van Dijk
    • 2
  • Srinivas Devadas
    • 1
  • Ronald Rivest
    • 1
  1. 1.Massachusetts Institute of TechnologyUSA
  2. 2.Philips ResearchUSA

Personalised recommendations