Google Glass has potential to be a quality piece of technology that can lead the pack for quite a while, but it may also help as a security device.
The futuristic-looking device consists of a glasses frame which has a camera and a mini computer installed. It depicts information in the user’s field of vision via a glass prism installed at the front end of the right temple. This causes an effect as if the user were looking at a 24 inch screen from a distance of two and a half meters.
Dominique Schröder, assistant professor of Cryptographic Algorithms at Saarland University and who also does research at the Center for IT-Security, Privacy and Accountability (CISPA), is aware of the data security concerns with Google Glass.
“We know that you can use it to abuse data,” Schröder said. “But it can also be used to protect data.”
To prove this, Schröder and his group combined “Google Glass” with cryptographic methods and techniques from automated image analysis to create the software system “Ubic.”
By using Ubic, withdrawing money at a cash machine would change as follows: The customer identifies himself to the cash machine. This requests from a reliable instance the public key of the customer. It uses the key to encrypt the one-way personal identification number (PIN) and seals it additionally with a “digital signature,” the digital counterpart of the conventional signature.
The result shows up on the screen as a black-and-white pattern, a QR code. The PIN hidden below is only visible for the identified wearer of the glasses. Google Glass decrypts it and shows it in the wearer’s field of vision.
“Although the process occurs in public, nobody is able to spy on the PIN,” Schröder said. This is not the case if PINs end up sent over to a smartphone. To spy on the PIN while a person is entering would also be useless, since the PIN re-generates each time the customer uses the cash machine. An attacker also wearing a Google Glass is not able to spy on the process, either.
The digital signature guarantees that no assailant is able to intrude between the customer and the cash machine as during a “skimming” attack, where the assailant can impersonate the customer.
Only the customer is able to decrypt the encryption by the public key with his secret key. As long as this is safely stored on the Google Glass, his money is also safe.