Withdrawing money at cash machines with 'Google Glass'

Posted by TG Daily Staff

Taking photos with a wink, checking one's calendar with a glance of the right eye, reading text messages — the multinational cooperation Google wants to make it possible with Google Glass.

But what IT experts celebrate as a new milestone makes privacy groups skeptical. So far, few people have access to the prototype to test how it can be used in daily life. "Thanks to the Max Planck Institute for Informatics we are one of the few universities in Germany that can do research with Google Glass", says Dominique Schröder, assistant professor of Cryptographic Algorithms at Saarland University.

The futuristic-looking device consists of a glasses frame on which a camera and a mini computer are installed. It depicts information in the user's field of vision via a glass prism that is installed at the front end of the right temple. According to the German computer magazine "c't", this causes an effect "as if the user were looking at a 24 inch screen from a distance of two and a half meters".

Schröder, who also does research at the Center for IT-Security, Privacy and Accountability (CISPA), located only a few yards away, is aware of the data security concerns with Google Glass: "We know that you can use it to abuse data. But it can also be used to protect data." To prove this, Schröder and his group combine "Google Glass" with cryptographic methods and techniques from automated image analysis to create the software system "Ubic".

By using Ubic, withdrawing money at a cash machine would change as follows: The customer identifies himself to the cash machine. This requests from a reliable instance the public key of the customer. It uses the key to encrypt the one-way personal identification number (PIN) and seals it additionally with a "digital signature", the digital counterpart of the conventional signature. The result shows up on the screen as a black-and-white pattern, a so-called QR code. The PIN that is hidden below is only visible for the identified wearer of the glasses. Google Glass decrypts it and shows it in the wearer's field of vision."

Although the process occurs in public, nobody is able to spy on the PIN", explains Schröder. This is not the case if PINs are sent to a smart phone. To spy on the PIN while it is being entered would also be useless, since the PIN is re-generated each time the customer uses the cash machine. An attacker also wearing a Google Glass is not able to spy on the process, either. The digital signature guarantees that no assailant is able to intrude between the customer and the cash machine as during the so-called "skimming", where the assailant can impersonate the customer.

Only the customer is able to decrypt the encryption by the public key with his secret key. As long as this is safely stored on the Google Glass, his money is also safe. At the computer expo Cebit, the researchers will also present how Google Glass can be used to hide information. Several persons all wearing Google Glass can read the same document with encrypted text at the same time, but in their fields of vision they can only see the text passages that are intended for them.

"This could be interesting, for example, for large companies or agencies that are collecting information in one document, but do not want to show all parts to everybody", explains Mark Simkin, who was one of the developers of Ubic. A large electric company has already sent a request to the computer scientists in Saarbrücken. Google Glass is expected to enter the American market this year.