Secure and Usable Out-Of-Band Channels for Ad Hoc Mobile Device Interactions
Kainda , Ronald
Flechais , Ivan
Roscoe , A. W.
- Publisher: Springer
Security | Usability | Device pairing | [ INFO.INFO-DL ] Computer Science [cs]/Digital Libraries [cs.DL] | Out-Of-Band channel
International audience; Protocols for bootstrapping security in ad hoc mobile device interactions rely on users' ability to perform specific tasks such as transferring or comparing fingerprints of information between devices. The size of fingerprints depends on the level of technical security required by a given application but, at the same time, is limited by users' inability to deal with large amounts of data with high levels of accuracy. Large fingerprints provide high technical security but potentially reduce usability of protocols which may result in users making mistakes that compromise security. This conflict between technical security and usability requires methods for transferring fingerprints between devices that maximise both to achieve acceptable effective security. In this paper, we propose two methods for transferring fingerprints between devices. We conducted a usability and security evaluation of the methods and our results show that, in contrast to previous proposals, our methods are both usable and resistant to security failures.