Secure and Usable Out-Of-Band Channels for Ad Hoc Mobile Device Interactions

Conference object English OPEN
Kainda, Ronald; Flechais, Ivan; Roscoe, A. W. (2010)
  • Publisher: Springer
  • Related identifiers: doi: 10.1007/978-3-642-12368-9_24
  • Subject: Security | Usability | Device pairing | [ INFO.INFO-DL ] Computer Science [cs]/Digital Libraries [cs.DL] | Out-Of-Band channel

Protocols for bootstrapping security in ad hoc mobile device interactions rely on users' ability to perform specific tasks such as transferring or comparing fingerprints of information between devices. The size of fingerprints depends on the level of technical security required by a given application but, at the same time, is limited by users' inability to deal with large amounts of data with high levels of accuracy. Large fingerprints provide high technical security but potentially reduce usability of protocols which may result in users making mistakes that compromise security. This conflict between technical security and usability requires methods for transferring fingerprints between devices that maximise both to achieve acceptable effective security. In this paper, we propose two methods for transferring fingerprints between devices. We conducted a usability and security evaluation of the methods and our results show that, in contrast to previous proposals, our methods are both usable and resistant to security failures.