Authentication using a Visual Channel
Lead Research Organisation:
University of Oxford
Department Name: Computer Science
Abstract
In previous work, I developed a system called VisAuth which enabled mobile payments over a visual channel by embedding authentication token information into a cover-image and displaying it to a point-of-sale terminal (similar systems exist using QR codes, but they have various drawbacks, which our system overcame). I aim to expand this visual authentication approach, firstly improving and thoroughly evaluating VisAuth and then exploring other applications of visual authentication (such as in augmented and virtual reality), combining it with real-time biometric authentication. Currently, there are weaknesses in AR/VR authentication systems (since it is a new field) and visual and biometric techniques would be an ideal fit for fixing them.
This research comes under the EPSRC Cyber Security research theme
This research comes under the EPSRC Cyber Security research theme
Planned Impact
It is part of the nature of Cyber Security - and a key reason for the urgency in developing new research approaches - that it now is a concern of every section of society, and so the successful CDT will have a very broad impact indeed. We will ensure impact for:
* The IT industry; vendors of hardware and software, and within this the IT Security industry;
* High value/high assurance sectors such as banking, bio-medical domains, and critical infrastructure, and more generally the CISO community across many industries;
* The mobile systems community, mobile service providers, handset and platform manufacturers, those developing the technologies of the internet of things, and smart cities;
* Defence sector, MoD/DSTL in particular, defence contractors, and the intelligence community;
* The public sector more generally, in its own activities and in increasingly important electronic engagement with the citizen;
* The not-for-profit sector, education, charities, and NGOs - many of whom work in highly contended contexts, but do not always have access to high-grade cyber defensive skills.
Impact in each of these will be achieved in fresh elaborations of threat and risk models; by developing new fundamental design approaches; through new methods of evaluation, incorporating usability criteria, privacy, and other societal concerns; and by developing prototype and proof-of-concept solutions exhibiting these characteristics. These impacts will retain focus through the way that the educational and research programme is structured - so that the academic and theoretical components are directed towards practical and anticipated problems motivated by the sectors listed here.
* The IT industry; vendors of hardware and software, and within this the IT Security industry;
* High value/high assurance sectors such as banking, bio-medical domains, and critical infrastructure, and more generally the CISO community across many industries;
* The mobile systems community, mobile service providers, handset and platform manufacturers, those developing the technologies of the internet of things, and smart cities;
* Defence sector, MoD/DSTL in particular, defence contractors, and the intelligence community;
* The public sector more generally, in its own activities and in increasingly important electronic engagement with the citizen;
* The not-for-profit sector, education, charities, and NGOs - many of whom work in highly contended contexts, but do not always have access to high-grade cyber defensive skills.
Impact in each of these will be achieved in fresh elaborations of threat and risk models; by developing new fundamental design approaches; through new methods of evaluation, incorporating usability criteria, privacy, and other societal concerns; and by developing prototype and proof-of-concept solutions exhibiting these characteristics. These impacts will retain focus through the way that the educational and research programme is structured - so that the academic and theoretical components are directed towards practical and anticipated problems motivated by the sectors listed here.
Organisations
People |
ORCID iD |
| Michael Goldsmith (Primary Supervisor) | |
| Jack Sturgess (Student) |
Studentship Projects
| Project Reference | Relationship | Related To | Start | End | Student Name |
|---|---|---|---|---|---|
| EP/P00881X/1 | 01/10/2016 | 31/03/2023 | |||
| 1775911 | Studentship | EP/P00881X/1 | 01/10/2016 | 08/10/2021 | Jack Sturgess |
| Description | Cyber 9/12 scenario developer (Feb. 2018) |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Undergraduate students |
| Results and Impact | Cyber 9/12 is an event run multiple times annually across the world (in London, Geneva, Sydney, and Washington, D.C.) by the Atlantic Council. Teams of students play the role of policymakers in a crisis simulation with an evolving narrative, proposing policy-based solutions to industry and government partners acting as judges. I participated in the Geneva 2017 instance (my team reached the semi-finals) and then I assisted in the organisation, scenario development, and on-day delivery of the London 2018 instance, hosted at BT Tower. The event recieved media attention, including local print media, national BBC coverage, and enthusiastic social media coverage from participants, partners, and media alike. Drawing on my knowledge of cyber security, my main contribution was assisting in the development of the narrative scenario, which involved an escalating, nation-state level cyber attack on airports and financial systems. The scenario was designed to be both factually accurate and engaging for participants. |
| Year(s) Of Engagement Activity | 2018 |
| Description | Taught course on Steganography and Watermarking (Feb. 2019) |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | Local |
| Primary Audience | Postgraduate students |
| Results and Impact | I designed, developed, and delivered/taught a course on steganography and watermarking to postgraduate students. It covered introduction and history of the field, state of the art techniques and applications, countermeasures, and practical elements. |
| Year(s) Of Engagement Activity | 2019 |