Skip to main content
Journal Article

I bought a new security token and all i got was this lousy phish—relay attacks on visual code authentication schemes

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2014) 8809 197-215
DOI: 10.1007/978-3-319-12400-1_19
4Citations
Citations of this article
12Readers
Mendeley users who have this article in their library.
Get full text

Abstract

One recent thread of academic and commercial research into web authentication has focused on schemes where users scan a visual code with their smartphone, which is a convenient alternative to passwordbased login. We find that many schemes in the literature (including, previously, our own) are, unfortunately, vulnerable to relay attacks. We explain the inherent reasons for this vulnerability and offer an architectural fix, evaluating its trade-offs and discussing why it has never been proposed by other authors.

Cite

CITATION STYLE

APA

Jenkinson, G., Spencer, M., Warrington, C., & Stajano, F. (2014). I bought a new security token and all i got was this lousy phish—relay attacks on visual code authentication schemes. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 8809, 197–215. https://doi.org/10.1007/978-3-319-12400-1_19

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free