One recent thread of academic and commercial research into web authentication has focused on schemes where users scan a visual code with their smartphone, which is a convenient alternative to passwordbased login. We find that many schemes in the literature (including, previously, our own) are, unfortunately, vulnerable to relay attacks. We explain the inherent reasons for this vulnerability and offer an architectural fix, evaluating its trade-offs and discussing why it has never been proposed by other authors.
CITATION STYLE
Jenkinson, G., Spencer, M., Warrington, C., & Stajano, F. (2014). I bought a new security token and all i got was this lousy phish—relay attacks on visual code authentication schemes. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 8809, 197–215. https://doi.org/10.1007/978-3-319-12400-1_19
Mendeley helps you to discover research relevant for your work.