Securing Interactive Sessions Using Mobile Device Through Visual Channel and Visual Inspection

Communication channel established from a display to a device's camera is known as visual channel, and it is helpful in securing key exchange protocol. In this paper, the authors explain how visual channel can be exploited by a network terminal and mobile device to jointly verify information in an interactive session, and how such information can be jointly presented in a user-friendly manner, taking into account that the mobile device can only capture and display a small region, and the user may only want to authenticate selective regions-of-interests. They give two protocols and investigate them under the abovementioned models. They point out a form of replay attack that renders some other straightforward implementations cumbersome to use.