A Human-Verifiable Authentication Protocol Using Visible Laser Light


Securing wireless channels necessitates authenticating communicationpartners. For spontaneous interaction, authentication must be efficientand intuitive. One approach to create interaction and authenticationmethods that scale to using hundreds of services throughout the dayis to rely on personal, trusted, mobile devices to interact withthe environment. Authenticating the resulting device-to-device interactionsrequires an out-of-band channel that is verifiable by the user. Wepresent a protocol for creating such an out-of-band channel withvisible laser light that is secure against man-in-the-middle attackseven when the laser transmission is not confidential. A prototypeimplementation shows that an appropriate laser channel can be constructedwith simple off-the-shelf components.

Proc. ARES 2007: 2nd International Conference on Availability,Reliability and Security