[转载]Human-Verifiable Authentication Based on Audio
信息来源:邪恶八进制信息安全团队([url]www.eviloctal.com[/url])Secure pairing of electronic devices that lack any previous association is a challenging problem which has been considered
in many contexts and in various flavors. In this paper, we investigate the use of the audio channel for human-assisted
authentication of previously un-associated devices. We develop and evaluate a system we call Loud-and-Clear (L&C)
which places very little demand on the human user. L&C involves the use of a text-to-speech (TTS) engine for vocalizing a
robust-sounding and syntactically-correct (English-like) sentence derived from the hash of a device’s public key. By coupling
vocalization on one device with the display of the same information on another device, we demonstrate that L&C is suitable
for secure device pairing (e.g., key exchange) and similar tasks. We also describe several common use cases, provide some
performance data for our prototype implementation and discuss the security properties of L&C.
页:
[1]