Advertisement

Wireless Authentication and Transaction-Confirmation Token

  • Daniel V. Bailey
  • John Brainard
  • Sebastian Rohde
  • Christof Paar
Part of the Communications in Computer and Information Science book series (CCIS, volume 130)

Abstract

Our new system combines Wi-Fi with user-authentication tokens to authenticate consumer financial transactions. To achieve this goal while maintaining maximum usability and compatibility, our token tunnels data through new side channels including the SSID field, packet timing, and packet length. These new point-to-point side-channels in Wi-Fi allow a token and PC to directly exchange messages – even while the PC is also connected to an access point. The result is a token that can authenticate transactions using only one touch by the user.

Keywords

Medium Access Control Access Point Smart Card Side Channel Packet Length 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Myers, B.: Using handhelds and PCs together. Communications of the ACM 44(11), 34–41 (2001)CrossRefGoogle Scholar
  2. 2.
    Apple: About the apple remote control (2008), http://support.apple.com/kb/HT1522
  3. 3.
    McCune, J.M., Perrig, A., Reiter, M.K.: Bump in the ether: A framework for securing sensitive user input. In: Proceedings of the 2006 USENIX Annual Technical Conference, pp. 185–198 (2006)Google Scholar
  4. 4.
    Balfanz, D., Felten, E.: Hand-Held Computers Can Be Better Smart Cards. In: 8th USENIX Security Symposium, vol. 271 (1999)Google Scholar
  5. 5.
    Corner, M., Noble, B.: Zero-interaction authentication. In: Proceedings of the 8th Annual International Conference on Mobile Computing and Networking, pp. 1–11 (2002)Google Scholar
  6. 6.
    Matsumiya, K., Aoki, S., Murase, M., Tokuda, H.: A zero-stop authentication system for sensor-based embedded real-time applications. J. Embedded Comput. 1, 119–132 (2005)Google Scholar
  7. 7.
    Bardram, J., Kjær, R., Pedersen, M.: Context-aware user authentication – supporting proximity-based login in pervasive computing. In: Dey, A.K., Schmidt, A., McCarthy, J.F. (eds.) UbiComp 2003. LNCS, vol. 2864, pp. 107–123. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  8. 8.
    Wi-Fi Alliance announces groundbreaking specification to support direct Wi-Fi connections between devices. Wi-Fi Alliance (October 14, 2010) Referenced 2010 at http://www.wi-fi.org/news_articles.php?f=media_news&news_id=909
  9. 9.
    IEEE: IEEE 802.11-2007. IEEE standard for information technology–telecommunications and information exchange between system–local and metropolitan area networks specific requirements–part 11: Wireless LAN medium access control (MAC) and physical layer (PHY) specifications (2007)Google Scholar
  10. 10.
    Parno, B., Kuo, C., Perrig, A.: Phoolproof Phishing Prevention. In: Di Crescenzo, G., Rubin, A. (eds.) FC 2006. LNCS, vol. 4107, pp. 1–19. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  11. 11.
    M’Raihi, D., Bellare, M., Hoornaert, F., Naccache, D., Ranen, O.: Hotp: An hmac-based one-time password algorithm (2005), http://www.ietf.org/rfc/rfc4226.txt
  12. 12.
    M’Raihi, D., Machani, S., Pei, M., Rydell, J.: Totp: Time-based one-time password algorithm (2008), http://www.ietf.org/internet-drafts/draft-mraihi-totp-timebased-00.txt
  13. 13.
    M’Raihi, D., Rydell, J., Naccache, D., Machani, S., Bajaj, S.: Ocra: Oath challenge-response algorithms (2008), http://www.ietf.org/internet-drafts/draft-mraihi-mutual-oath-hotp-variants-07.txt
  14. 14.
    Schneier, B., Shostack, A.: Breaking Up is Hard to Do: Modeling Security Threats for Smart Cards. In: USENIX Workshop on Smartcard Technology (1999)Google Scholar
  15. 15.
    Kershaw, M.: Kismet (2004), Referenced 2008 at http://www.kismetwireless.net/presentations/5hope-kismet.pdf
  16. 16.
    LORCON: Lorcon (loss of radio connectivity) (2008), http://802.11ninja.net/lorcon
  17. 17.
    MadWifi: Madwifi wlan driver (2008), http://madwifi.org/
  18. 18.
    Libnet: The libnet packet construction library (2008), http://www.packetfactory.net/libnet/
  19. 19.
    WinPcap: Winpcap: The windows packet capture library (2008), http://www.winpcap.org/
  20. 20.
    RT73: The rt73 driver homepage (2008), http://rt2x00.serialmonkey.com/
  21. 21.
    Lauradoux, C.: Throughput/code size tradeoff for stream ciphers. In: The State of the Art of Stream Ciphers - SASC (2007)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Daniel V. Bailey
    • 1
    • 2
  • John Brainard
    • 1
  • Sebastian Rohde
    • 2
  • Christof Paar
    • 2
  1. 1.RSAThe Security Division of EMCBedfordU.S.A.
  2. 2.Horst-Görtz Institute for IT SecurityRuhr-Universität BochumGermany

Personalised recommendations