SAVVIcode: Preventing Mafia Attacks on Visual Code Authentication Schemes
Author(s): Jonathan Millican, Frank Stajano

Date: December 2014
Publication: 7th International Conference on Passwords (Passwords14 Trondheim). Lecture Notes in Computer Science, Volume 9393
Page(s): 146 - 152
Publisher: Springer
Source 1:
Source 2: - Subscription or payment required

Abstract or Summary:
Most visual code authentication schemes in the literature have been shown to be vulnerable to relay attacks: the attacker logs into the victim’s “account A” using credentials that the victim provides with the intent of logging into "account B". Visual codes are not human-readable and therefore the victim cannot distinguish between the codes for A and B; on the other hand, codes must be machine-readable in order to automate the login process. We introduce a new type of visual code, the SAVVIcode, that contains an integrity-validated human-readable bitmap. With SAVVIcode, attackers have a harder time swapping visual codes surreptitiously because the integrity check prevents them from modifying or hiding the human-readable distinguisher. Note: Video of presentation:

Do you have additional information to contribute regarding this research paper? If so, please email with the details.

<-- Back to Authentication Research Paper Index

[Home] [About Us] [News] [Research]

Copyright © 2016