Repository logo
 

I bought a new security token and all I got was this lousy phish— Relay attacks on visual code authentication schemes

Accepted version
Peer-reviewed

Type

Conference Object

Change log

Authors

Jenkinson, Graeme 
Spencer, Max 
Warrington, Chris 
Stajano, FM 

Abstract

One recent thread of academic and commercial research into web authentication has focused on schemes where users scan a visual code with their smartphone, which is a convenient alternative to password- based login. We find that many schemes in the literature (including, previously, our own) are, unfortunately, vulnerable to relay attacks. We explain the inherent reasons for this vulnerability and offer an architec- tural fix, evaluating its trade-offs and discussing why it has never been proposed by other authors.

Description

Keywords

Journal Title

Security Protocols XXII 22nd International Workshop, Cambridge, UK, March 19-21, 2014, Revised Selected Papers

Conference Name

Security Protocols Workshop 2014

Journal ISSN

Volume Title

Publisher

Sponsorship
European Research Council (307224)
ERC 307224