[Resource Topic] 2005/428: Loud and Clear: Human-Verifiable Authentication Based on Audio

Welcome to the resource topic for 2005/428

Loud and Clear: Human-Verifiable Authentication Based on Audio

Authors: Michael T. Goodrich, Michael Sirivianos, John Solis, Gene Tsudik, Ersin Uzun


Secure pairing of electronic devices that lack
any previous association is a challenging problem which has been
considered in many contexts and in various flavors.
In this paper, we investigate an alternative and complementary approach–the use of the audio channel for human-assisted
authentication of previously un-associated devices.
We develop and evaluate a system we call Loud-and-Clear
(L&C) which places very little demand on
the human user. L&C involves the use of a text-to-speech (TTS)
engine for vocalizing a robust-sounding and syntactically-correct
(English-like) sentence derived from the hash of a device’s public key. By coupling vocalization on one device with the display of the same information on another device, we demonstrate that L&C is suitable for secure device pairing (e.g., key exchange) and similar tasks. We also describe several common use cases, provide some performance data for our prototype implementation and discuss the security properties of L&C.

ePrint: https://eprint.iacr.org/2005/428

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .