Research Article
Defending Against Device Theft with Human Notarization
@INPROCEEDINGS{10.4108/icst.collaboratecom.2014.257706, author={Alana Libonati and Kelly Caine and Apu Kapadia and Michael Reiter}, title={Defending Against Device Theft with Human Notarization}, proceedings={10th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing}, publisher={IEEE}, proceedings_a={COLLABORATECOM}, year={2014}, month={11}, keywords={crowdsourcing authentication notarization security biometrics}, doi={10.4108/icst.collaboratecom.2014.257706} }
- Alana Libonati
Kelly Caine
Apu Kapadia
Michael Reiter
Year: 2014
Defending Against Device Theft with Human Notarization
COLLABORATECOM
IEEE
DOI: 10.4108/icst.collaboratecom.2014.257706
Abstract
People increasingly rely on mobile phones for storing sensitive information and credentials for access to services. Because these devices are vulnerable to theft, security of this data is put at higher risk - once the attacker is in physical possession of the device, recovering these credentials and impersonating the owner of the phone is hard to defend by purely local means. We introduce the concept of ‘notarization’, a process by which a remote notary verifies the identity of the device user through video chat. We describe the design and implementation of a system that leverages notarization to protect cryptographic keys that the device uses to decrypt device data (e.g., website passwords) or perform signatures in support of client-side TLS, without trusting the notary with these keys. Through a lab-based study with 56 participants, we show that notarization even by strangers is effective for combating device theft.