Google Glass to add an extra layer of privacy for users withdrawing cash from ATM machines by displaying a one-time personal identification number which only the Glass user can see.The futuristic-looking device consists of a glasses frame on which a camera and a mini computer are installed. It depicts information in the user's field of vision via a glass prism that is installed at the front end of the right temple.
According to the German computer magazine "c't", this causes an effect "as if the user were looking at a 24 inch screen from a distance of two and a half meters".
Schröder, who also does research at the Center for IT-Security, Privacy and Accountability (CISPA), located only a few yards away, is aware of the data security concerns with Google Glass:
"We know that you can use it to abuse data. But it can also be used to protect data."
To prove this, Schröder and his group combine "Google Glass" with cryptographic methods and techniques from automated image analysis to create the software system "Ubic".
By using Ubic, withdrawing money at a cash machine would change as follows: The customer identifies himself to the cash machine. This requests from a reliable instance the public key of the customer.
It uses the key to encrypt the one-way personal identification number (PIN) and seals it additionally with a "digital signature", the digital counterpart of the conventional signature.
The result shows up on the screen as a black-and-white pattern, a so-called QR code. The PIN that is hidden below is only visible for the identified wearer of the glasses.
Google Glass decrypts it and shows it in the wearer's field of vision." Although the process occurs in public, nobody is able to spy on the PIN", explains Schröder. This is not the case if PINs are sent to a smart phone.
To spy on the PIN while it is being entered would also be useless, since the PIN is re-generated each time the customer uses the cash machine. An attacker also wearing a Google Glass is not able to spy on the process, either.
The digital signature guarantees that no assailant is able to intrude between the customer and the cash machine as during the so-called "skimming", where the assailant can impersonate the customer.
The customer is able to decrypt the encryption by the public key with his secret key. As long as this is safely stored on the Google Glass, his money is also safe. At the computer expo Cebit, the researchers will also present how Google Glass can be used to hide information.
No comments:
Post a Comment