Loud and Clear: Human-Verifiable Authentication Based on Audio Export

@inproceedings{citeulike:5705153, abstract = {Secure pairing of electronic devices that lack any previous association is a challenging problem which has been considered in many contexts and in various flavors. In this paper, we investigate the use of audio for human-assisted authentication of previously un-associated devices. We develop and evaluate a system we call Loud-and-Clear (L\&C) which places very little demand on the human user. L\&C involves the use of a text-to-speech (TTS) engine for vocalizing a robust-sounding and syntactically-correct (English-like) sentence derived from the hash of a device\&\#146;s public key. By coupling vocalization on one device with the display of the same information on another device, we demonstrate that L\&C is suitable for secure device pairing (e.g., key exchange) and similar tasks. We also describe several common use cases, provide some performance data for our prototype implementation and discuss the security properties of L\&C.}, author = {Goodrich, M. T. and Sirivianos, M. and Solis, J. and Tsudik, G. and Uzun, E.}, booktitle = {Distributed Computing Systems, 2006. ICDCS 2006. 26th IEEE International Conference on}, citeulike-article-id = {5705153}, citeulike-linkout-0 = {http://dx.doi.org/10.1109/ICDCS.2006.52}, citeulike-linkout-1 = {http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=1648797}, doi = {10.1109/ICDCS.2006.52}, journal = {Distributed Computing Systems, 2006. ICDCS 2006. 26th IEEE International Conference on}, keywords = {audio, captcha}, pages = {10}, posted-at = {2009-09-02 06:11:50}, priority = {2}, title = {Loud and Clear: Human-Verifiable Authentication Based on Audio}, url = {http://dx.doi.org/10.1109/ICDCS.2006.52}, year = {2006} }

TY - CONF ID - citeulike:5705153 L3 - citeulike-article-id:5705153 N2 - Secure pairing of electronic devices that lack any previous association is a challenging problem which has been considered in many contexts and in various flavors. In this paper, we investigate the use of audio for human-assisted authentication of previously un-associated devices. We develop and evaluate a system we call Loud-and-Clear (L&C) which places very little demand on the human user. L&C involves the use of a text-to-speech (TTS) engine for vocalizing a robust-sounding and syntactically-correct (English-like) sentence derived from the hash of a device’s public key. By coupling vocalization on one device with the display of the same information on another device, we demonstrate that L&C is suitable for secure device pairing (e.g., key exchange) and similar tasks. We also describe several common use cases, provide some performance data for our prototype implementation and discuss the security properties of L&C. JF - Distributed Computing Systems, 2006. ICDCS 2006. 26th IEEE International Conference on EP - 10 TI - Loud and Clear: Human-Verifiable Authentication Based on Audio T2 - Distributed Computing Systems, 2006. ICDCS 2006. 26th IEEE International Conference on SP - 10 KW - audio KW - captcha AU - Goodrich, MT AU - Sirivianos, M AU - Solis, J AU - Tsudik, G AU - Uzun, E PY - 2006/// UR - http://dx.doi.org/10.1109/ICDCS.2006.52 ER -