USENIX Security '16: AuthLoop for Secure Telephony π
Introducing AuthLoop, a cryptographic system ensuring end-to-end authentication over voice channels, enhancing telephony security.
USENIX
75 views β’ Dec 3, 2021
About this video
AuthLoop: End-to-End Cryptographic Authentication for Telephony over Voice Channels
Bradley Reaves, Logan Blue, and Patrick Traynor, University of Florida
Telephones remain a trusted platform for conducting some of our most sensitive exchanges. From banking to taxes, wide swathes of industry and government rely on telephony as a secure fall-back when attempting to confirm the veracity of a transaction. In spite of this, authentication is poorly managed between these systems, and in the general case it is impossible to be certain of the identity (i.e., Caller ID) of the entity at the other end of a call. We address this problem with AuthLoop, the first system to provide cryptographic authentication solely within the voice channel. We design, implement and characterize the performance of an in-band modem for executing a TLS-inspired authentication protocol, and demonstrate its abilities to ensure that the explicit single-sided authentication procedures pervading the web are also possible on all phones. We show experimentally that this protocol can be executed with minimal computational overhead and only a few seconds of user time (β9 instead of β97 seconds for a naΓ―ve implementation of TLS 1.2) over heterogeneous networks. In so doing, we demonstrate that strong end-to-end validation of Caller ID is indeed practical for all telephony networks.
View the full USENIX Security '16 program at https://www.usenix.org/conference/usenixsecurity16/technical-sessions
Bradley Reaves, Logan Blue, and Patrick Traynor, University of Florida
Telephones remain a trusted platform for conducting some of our most sensitive exchanges. From banking to taxes, wide swathes of industry and government rely on telephony as a secure fall-back when attempting to confirm the veracity of a transaction. In spite of this, authentication is poorly managed between these systems, and in the general case it is impossible to be certain of the identity (i.e., Caller ID) of the entity at the other end of a call. We address this problem with AuthLoop, the first system to provide cryptographic authentication solely within the voice channel. We design, implement and characterize the performance of an in-band modem for executing a TLS-inspired authentication protocol, and demonstrate its abilities to ensure that the explicit single-sided authentication procedures pervading the web are also possible on all phones. We show experimentally that this protocol can be executed with minimal computational overhead and only a few seconds of user time (β9 instead of β97 seconds for a naΓ―ve implementation of TLS 1.2) over heterogeneous networks. In so doing, we demonstrate that strong end-to-end validation of Caller ID is indeed practical for all telephony networks.
View the full USENIX Security '16 program at https://www.usenix.org/conference/usenixsecurity16/technical-sessions
Tags and Topics
Browse our collection to discover more content in these categories.
Video Information
Views
75
Duration
27:29
Published
Dec 3, 2021
Related Trending Topics
LIVE TRENDSRelated trending topics. Click any trend to explore more videos.
Trending Now