10th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing

Research Article

Defending Against Device Theft with Human Notarization

Download543 downloads
  • @INPROCEEDINGS{10.4108/icst.collaboratecom.2014.257706,
        author={Alana Libonati and Kelly Caine and Apu Kapadia and Michael Reiter},
        title={Defending Against Device Theft with Human Notarization},
        proceedings={10th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing},
        publisher={IEEE},
        proceedings_a={COLLABORATECOM},
        year={2014},
        month={11},
        keywords={crowdsourcing authentication notarization security biometrics},
        doi={10.4108/icst.collaboratecom.2014.257706}
    }
    
  • Alana Libonati
    Kelly Caine
    Apu Kapadia
    Michael Reiter
    Year: 2014
    Defending Against Device Theft with Human Notarization
    COLLABORATECOM
    IEEE
    DOI: 10.4108/icst.collaboratecom.2014.257706
Alana Libonati1, Kelly Caine2, Apu Kapadia3, Michael Reiter1,*
  • 1: UNC Chapel Hill
  • 2: Clemson University
  • 3: Indiana University
*Contact email: reiter@cs.unc.edu

Abstract

People increasingly rely on mobile phones for storing sensitive information and credentials for access to services. Because these devices are vulnerable to theft, security of this data is put at higher risk - once the attacker is in physical possession of the device, recovering these credentials and impersonating the owner of the phone is hard to defend by purely local means. We introduce the concept of ‘notarization’, a process by which a remote notary verifies the identity of the device user through video chat. We describe the design and implementation of a system that leverages notarization to protect cryptographic keys that the device uses to decrypt device data (e.g., website passwords) or perform signatures in support of client-side TLS, without trusting the notary with these keys. Through a lab-based study with 56 participants, we show that notarization even by strangers is effective for combating device theft.