Communication channel established from a display to a device's camera isknown as visual channel, and it is helpful in securing key exchange protocol.In this paper, we study how visual channel can be exploited by a networkterminal and mobile device to jointly verify information in an interactivesession, and how such information can be jointly presented in a user-friendlymanner, taking into account that the mobile device can only capture and displaya small region, and the user may only want to authenticate selectiveregions-of-interests. Motivated by applications in Kiosk computing andmulti-factor authentication, we consider three security models: (1) the mobiledevice is trusted, (2) at most one of the terminal or the mobile device isdishonest, and (3) both the terminal and device are dishonest but they do notcollude or communicate. We give two protocols and investigate them under theabovementioned models. We point out a form of replay attack that renders someother straightforward implementations cumbersome to use. To enhanceuser-friendliness, we propose a solution using visual cues embedded into the 2Dbarcodes and incorporate the framework of "augmented reality" for easyverifications through visual inspection. We give a proof-of-conceptimplementation to show that our scheme is feasible in practice.
展开▼