
2018 | OriginalPaper | Chapter

VisAuth: Authentication over a Visual Channel Using an Embedded Image

Authors: Jack Sturgess, Ivan Martinovic

Published in: Cryptology and Network Security

Publisher: Springer International Publishing


Abstract

Mobile payment systems are pervasive; their design is driven by convenience and security. In this paper, we identify five common problems in existing systems: (i) specialist hardware requirements, (ii) no reader-to-user authentication, (iii) use of invisible channels, (iv) dependence on a client-server connection, and (v) no inherent fraud detection. We then propose a novel system which overcomes these problems, so as to mutually authenticate a user, a point-of-sale reader, and a verifier over a visual channel, using an embedded image token to transport information, while providing inherent unauthorised usage detection. We show our system to be resilient against replay and tampering attacks.


Footnotes
3
support.google.com/androidpay (last accessed: June 2017).
8
www.tangerine.ca/en/security (last accessed: Oct. 2017).
9
An authenticated encryption algorithm should be chosen, such as AES-EAX.

Metadata
Title: VisAuth: Authentication over a Visual Channel Using an Embedded Image
Authors: Jack Sturgess, Ivan Martinovic
Copyright Year: 2018
DOI: https://doi.org/10.1007/978-3-030-02641-7_28
