{"title":"Authenticating physical location using QR codes and network latency","authors":"Charles Allen, A. Harfield","doi":"10.1109/JCSSE.2017.8025952","DOIUrl":null,"url":null,"abstract":"QR codes are increasingly being used as a mechanism to transmit one time passwords (OTPs) between devices for the purpose of authentication due to their convenience, low cost, and the ubiquity of consumer mobile devices. Existing practice typically utilizes a single QR code which is relatively easy to capture and relay to an offsite attacker or collaborator. We propose a mechanism using a stream of rapidly changing QR codes that maintains the convenience, ubiquity, and low cost of the standard approach, while aiming to eliminate the viability of relay attacks. We test this setup using a university class attendance scenario and successfully distinguish between valid physically present users and invalid offsite attackers.","PeriodicalId":6460,"journal":{"name":"2017 14th International Joint Conference on Computer Science and Software Engineering (JCSSE)","volume":"52 1","pages":"1-6"},"PeriodicalIF":0.0000,"publicationDate":"2017-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 14th International Joint Conference on Computer Science and Software Engineering (JCSSE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/JCSSE.2017.8025952","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 5
Abstract
QR codes are increasingly being used as a mechanism to transmit one time passwords (OTPs) between devices for the purpose of authentication due to their convenience, low cost, and the ubiquity of consumer mobile devices. Existing practice typically utilizes a single QR code which is relatively easy to capture and relay to an offsite attacker or collaborator. We propose a mechanism using a stream of rapidly changing QR codes that maintains the convenience, ubiquity, and low cost of the standard approach, while aiming to eliminate the viability of relay attacks. We test this setup using a university class attendance scenario and successfully distinguish between valid physically present users and invalid offsite attackers.