ABSTRACT
The operation of achieving authenticated key agreement between two human-operated devices over a short-range wireless communication channel (such as Bluetooth or WiFi) is referred to as "Pairing". The devices in such a scenario are ad hoc in nature, i.e., they can neither be assumed to have a prior context (such as pre-shared secrets) with each other nor do they share a common trusted on- or off-line authority. However, the devices can generally be connected using auxiliary physical channel(s) (such as audio, visual, etc.) that can be authenticated by the device user(s) and thus form a basis for pairing.
One of the main challenges of secure device pairing is the lack of good quality output interfaces as well as corresponding receivers on devices. In [13], we presented a pairing scheme which is universally applicable to any pair of devices (such as a WiFi AP and a laptop, a Bluetooth keyboard and a desktop, etc.). The scheme is based upon the device user(s) comparing short and simple synchronized audiovisual patterns, such as "beeping" and "blinking". In this paper, we automate the (manual) scheme of [13] by making use of an auxiliary, commonly available device such as a personal camera phone. Based on a preliminary user study we conducted, we show that the automated scheme is generally faster and more user-friendly relative to the manual scheme. More importantly, the proposed scheme turns out to be quite accurate in the detection of any possible attacks.
REFERENCES
[1] D. Balfanz, D. Smetters, P. Stewart, and H. C. Wong. Talking to strangers: Authentication in ad-hoc wireless networks. In Network and Distributed System Security Symposium (NDSS), 2002.
[2] M. Burnside, D. Clarke, B. Gassend, T. Kotwal, S. Devadas, and R. Rivest. The untrusted computer problem and camera-based authentication. In Pervasive Computing (Pervasive), 2002.
[3] R. Canetti and H. Krawczyk. Analysis of key-exchange protocols and their use for building secure channels. In EUROCRYPT, 2001.
[4] J. D. Foley and V. D. Andries. Fundamentals of Interactive Computer Graphics. 2nd Edition. Addison-Wesley, Reading, Massachusetts U.S.A., 1990.
[5] E. Gieseke and J. McLaughlin. Secure web authentication with mobile phones using keyed hash authentication. CSCI E 170 Final Project, Harvard University Extension, 2005.
[6] I. Goldberg. Visual Key Fingerprint Code, 1996. http://www.cs.berkeley.edu/iang/visprint.c.
[7] M. T. Goodrich, M. Sirivianos, J. Solis, G. Tsudik, and E. Uzun. Loud and Clear: Human-Verifiable Authentication Based on Audio. In International Conference on Distributed Computing Systems (ICDCS), 2006.
[8] S. Laur, N. Asokan, and K. Nyberg. Efficient mutual data authentication based on short authenticated strings. IACR Cryptology ePrint Archive: Report 2005/424, 2005.
[9] A. Madhavapeddy, D. Scott, R. Sharp, and E. Upton. Using camera-phones to enhance human-computer interaction. In Ubiquitous Computing (Adjunct Proceedings: Demos), 2004.
[10] J. M. McCune, A. Perrig, and M. K. Reiter. Seeing-is-believing: Using camera phones for human-verifiable authentication. In IEEE Symposium on Security and Privacy, 2005.
[11] S. Pasini and S. Vaudenay. SAS-Based Authenticated Key Agreement. In Theory and Practice of Public-Key Cryptography (PKC), 2006.
[12] A. Perrig and D. Song. Hash visualization: a new technique to improve real-world security. In Cryptographic Techniques and E-Commerce (CrypTEC), 1999.
[13] R. Prasad and N. Saxena. Efficient device pairing using human-comparable synchronized audiovisual patterns. In Applied Cryptography and Network Security (ACNS), to appear, 2008.
[14] V. Roth, W. Polak, E. Rieffel, and T. Turner. Simple and effective defenses against evil twin access points. In ACM Conference on Wireless Network Security (WiSec), short paper, 2008.
[15] N. Saxena, J.-E. Ekberg, K. Kostiainen, and N. Asokan. Secure device pairing based on a visual channel. In IEEE Symposium on Security and Privacy, short paper, 2006.
[16] N. Saxena and M. B. Uddin. Device pairing using unidirectional physical channels. In Mobile and Wireless Networks Security (MWNS), 2008.
[17] C. Soriente, G. Tsudik, and E. Uzun. BEDA: Button-Enabled Device Association. In International Workshop on Security for Spontaneous Interaction (IWSSI), 2007.
[18] C. Soriente, G. Tsudik, and E. Uzun. Hapadep: Human asisted pure audio device pairing. Cryptology ePrint Archive, Report 2007/093, 2007.
[19] F. Stajano and R. J. Anderson. The resurrecting duckling: Security issues for ad-hoc wireless networks. In Security Protocols Workshop, 1999.
[20] J. Suomalainen, J. Valkonen, and N. Asokan. Security associations in personal networks: A comparative analysis. In European Workshop on Security and Privacy in Ad hoc and Sensor Networks (ESAS), 2007.
[21] E. Uzun, K. Karvonen, and N. Asokan. Usability analysis of secure pairing methods. In Usable Security (USEC), 2007.
[22] S. Vaudenay. Secure communications over insecure channels based on short authenticated strings. In International Cryptology Conference (CRYPTO), 2005.
[23] M. Wu, S. Garfinkel, and R. Miller. Secure web authentication with mobile phones. http://dimacs.rutgers.edu/Workshops/Tools/abstract-wu-garfinkel-miller.pdf.
Index Terms
- Universal device pairing using an auxiliary device