Relay attacks on visual code authentication schemes
Graeme Jenkinson, Max Spencer, Chris Warrington, Frank Stajano
{graeme.jenkinson, max.spencer, chris.warrington, frank.stajano}@cl.cam.ac.uk
University of Cambridge Computer Laboratory, Cambridge, UK
Abstract. One recent thread of academic and commercial research into web authentication has focused on schemes where users scan a visual code with their smartphone, which is a convenient alternative to password-based login. We find that many schemes in the literature (including, previously, our own) are, unfortunately, vulnerable to relay attacks. We explain the inherent reasons for this vulnerability and offer an architectural fix, evaluating its trade-offs and discussing why it has never been proposed by other authors.
1 Introduction
We consider a relatively new class of web authentication schemes, currently attracting significant academic and commercial interest, which we refer to as visual code authentication schemes. A user may log into a website which supports such an authentication scheme by scanning a visual code, such as a Quick Response (QR) code [1], using their hand-held authenticator device, henceforth scanner. The scanner is generally a smartphone, but might be a dedicated hardware gadget. The user carries their scanner at all times, or at least whenever they might want to authenticate to a website; the scanner may have a mechanism to prevent its misuse if lost or stolen. Our own Pico system [2] is of course in this class too.
Such schemes are interesting because they have some important usability benefits which passwords do not; specifically, there is nothing for users to remember or type¹. Furthermore, these schemes are resilient to conventional phishing² because the long-term secrets never leave the scanner and so an attacker cannot trick the victim into revealing them. However, visual code authentication schemes present a new risk.
References
techniques—QR Code 2005 bar code symbology specification. ISO 18004:2006, International Organization for Standardization, Geneva, Switzerland (2006)
11, Berlin, Heidelberg, Springer-Verlag (2011) 49–81
In: Proceedings of the 2012 IEEE Symposium on Security and Privacy. SP ’12, Washington, DC, USA, IEEE Computer Society (2012) 553–567
7. Howard, A.: Qrauth. BSc thesis, Bournemouth University, Bournemouth, UK (2012)
9. Fu, H.P.: Pico: No more passwords! MSc thesis, University of Leuven, Flanders, Belgium (2013)
11. Inc., C.O.: QRAuth. http://www.computingobjects.com/qrauthinfo (2012) Accessed: 2013-11-13.
12. Gibson, S.: Secure Quick Reliable Login. https://www.grc.com/sqrl/sqrl.htm (October 2013) Accessed: 2013-11-6.
London, UK, UK, Springer-Verlag (1998) 91–104
14 passport protocol. In: Advances in Cryptology CRYPTO87, Springer (2006) 21–39
15 and its use in the ike protocols. In Boneh, D., ed.: Advances in Cryptology CRYPTO 2003. Volume 2729 of Lecture Notes in Computer Science. Springer Berlin Heidelberg (2003) 400–425
Conference, FC 2006, Anguilla, British West Indies, February 27-March 2, 2006, Revised Selected Papers Springer (2006) 1–19
17 passport protocol. In: A Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology. CRYPTO ’87, London, UK, UK, Springer-Verlag (1988) 21–39
19. Brands, S., Chaum, D.: Distance-bounding protocols (extended abstract). In: EUROCRYPT93, Lecture Notes in Computer Science 765, Springer-Verlag (1993)
Proceedings of the 2008 Workshop on New Security Paradigms. NSPW ’08, New York, NY, USA, ACM (2008) 127–133