Abstract
Wearable computing devices have become increasingly popular and while these devices promise to improve our lives, they come with new challenges. This paper focuses on user authentication mechanisms for the Google Glass device (Glass). Glass only has three sources of input: a camera, a microphone, and a touchpad. This limited set of interfaces makes the use of standard passwords infeasible or cumbersome. We therefore propose a One-Time-Password (OTP) authentication scheme, Glass OTP that uses the Glass camera to scan a QR code displayed on the user’s smartphone. We implement a proof of concept Glass lock screen which unlocks only upon scanning an OTP generated by the companion Android smartphone application. We also discuss the reliability, security, and convenience of the proposed solution as compared to the current solutions in use.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Fitbit, Inc. Fitbit Official Site. http://www.fitbit.com. Accessed 2 October 2014
Google. Google Glass. http://www.google.com/glass. Accessed 20 September 2014
Google. Google Developers Voice Input. https://developers.google.com/glass/develop/gdk/voice. Accessed 8 October 2014
Google. Context Android Developers. http://developer.android.com/reference/android/content/Context.html. Accessed 1 October 2014
Oracle. KeyGenerator (Java Platform SE 7). http://docs.oracle.com/javase/7/docs/api/javax/crypto/KeyGenerator.html. Accessed 1 October 2014
Github, Inc. zxing/Zxing. https://github.com/zxing/zxing. Accessed 12 October 2014
Github, Inc. kaze0/Bulletproof. https://github.com/kaze0/bulletproof. Accessed 10 October 2014
Google. Screen Lock – Google Glass Help. https://support.google.com/glass/answer/4389349?hl=en. Accessed 8 October 2014
Bonneau, J., Herley, C., van Oorschot, P.C., Stajano, F.: The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes. Microsoft. http://research.microsoft.com/pubs/161585/QuestToReplacePasswords.pdf
Li, J., Isobe, T., Shibutani, K.: Converting MITM Preimage Attack into Pseudo Collision Attack: Application to SHA-2 (2012). Sony China Research Laboratory. Sony Corporation. http://fse2012.inria.fr/SLIDES/67.pdf
M’Raihi, D., Machani, S., Pei, M., Rydell, J.: TOTP: Time-Based One-Time Password Algorithm. Int. Eng. Task Force (2011). https://tools.ietf.org/html/rfc6238
Bluetooth SIG, Inc. Basics | Bluetooth Technology Website. http://www.bluetooth.com/Pages/Basics.aspx. Accessed 10 December 2014
Google. Bluetooth Low Energy | Android Developers. https://developer.android.com/guide/topics/connectivity/bluetooth-le.html. Accessed 12 December 2014
Ghose, A., Bhaumik, C., Chakravarty, T.: BlueEye – A System for Proximity Detection Using Bluetooth on Mobile Phones. UbiComp. http://www.ubicomp.org/ubicomp2013/adjunct/adjunct/p1135.pdf
Google. Android 4.3 APIs | Android Developers. https://developer.android.com/about/versions/android-4.3.html. Accessed 16 December 2014
Elenkov, N.: Jelly Bean hardware-backed credential storage. http://nelenkov.blogspot.com/2012/07/jelly-bean-hardware-backed-credential.html. Accessed 16 December 2014
Google. On-Head Detection – Google Glass Help. https://support.google.com/glass/answer/3079857. Accessed 20 December 2014
Apple. Apple – iPhone 6 – Touch ID. https://www.apple.com/iphone-6/touch-id/. Accessed 20 December 2014
FinExtra. PayPal adds fingerprint authentication to more Samsung devices (2014). http://www.finextra.com/news/announcement.aspx?pressreleaseid=56577&topic=retail
PewReseach Internet Project, Mobile Technology Fact Sheet. http://www.pewinternet.org/fact-sheets/mobile-technology-fact-sheet/
Cnet, 72 percent say no to Google Glass because of privacy. http://www.cnet.com/news/72-percent-say-no-to-google-glass-because-of-privacy/
Yadav, D.K., Ionascu, B., Ongole, S.V.K., Roy, A., Memon, N.: Design and analysis of shoulder surfing resistant PIN based authentication bechanisms on google glass. In: Wearable S&P 2015 (2015)
Acknowledgments
This work was supported in part by the NSF (under grant 1228842). The views and conclusions contained in this document are those of the authors and should not be interpreted as necessarily representing the official policies, either expressed or implied, of any of the sponsors.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 International Financial Cryptography Association
About this paper
Cite this paper
Chan, P., Halevi, T., Memon, N. (2015). Glass OTP: Secure and Convenient User Authentication on Google Glass. In: Brenner, M., Christin, N., Johnson, B., Rohloff, K. (eds) Financial Cryptography and Data Security. FC 2015. Lecture Notes in Computer Science(), vol 8976. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-48051-9_22
Download citation
DOI: https://doi.org/10.1007/978-3-662-48051-9_22
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-48050-2
Online ISBN: 978-3-662-48051-9
eBook Packages: Computer ScienceComputer Science (R0)