I bought a new security token and all I got was this lousy phish— Relay attacks on visual code authentication schemes
Accepted version
Peer-reviewed
Authors
Jenkinson, Graeme
Spencer, Max
Warrington, Chris
Stajano, FM
Abstract
One recent thread of academic and commercial research into web authentication has focused on schemes where users scan a visual code with their smartphone, which is a convenient alternative to password-based login. We find that many schemes in the literature (including, previously, our own) are, unfortunately, vulnerable to relay attacks. We explain the inherent reasons for this vulnerability and offer an architectural fix, evaluating its trade-offs and discussing why it has never been proposed by other authors.
Journal Title
Security Protocols XXII 22nd International Workshop, Cambridge, UK, March 19-21, 2014, Revised Selected Papers
Conference Name
Security Protocols Workshop 2014
Sponsorship
European Research Council (307224)
ERC 307224