SAVVIcode: Preventing Mafia Attacks on Visual Code Authentication Schemes
Date: December 2014
Publication: 7th International Conference on Passwords (Passwords14 Trondheim). Lecture Notes in Computer Science, Volume 9393
Page(s): 146 - 152
Source 1: http://www.cl.cam.ac.uk/~fms27/papers/2014-MillicanSta-savvicode.pdf
Source 2: http://dx.doi.org/10.1007/978-3-319-24192-0_10 - Subscription or payment required
Abstract or Summary:
Most visual code authentication schemes in the literature have been shown to be vulnerable to relay attacks: the attacker logs into the victim’s “account A” using credentials that the victim provides with the intent of logging into "account B". Visual codes are not human-readable and therefore the victim cannot distinguish between the codes for A and B; on the other hand, codes must be machine-readable in order to automate the login process. We introduce a new type of visual code, the SAVVIcode, that contains an integrity-validated human-readable bitmap. With SAVVIcode, attackers have a harder time swapping visual codes surreptitiously because the integrity check prevents them from modifying or hiding the human-readable distinguisher.
PasswordResearch.com Note: Video of presentation: https://video.adm.ntnu.no/pres/54943a5cb08d7
Do you have additional information to contribute regarding this research paper? If so, please email firstname.lastname@example.org with the details.