research-article

Universal device pairing using an auxiliary device

Authors:
Nitesh Saxena

Polytechnic University, Brooklyn, NY

Polytechnic University, Brooklyn, NY
View Profile

,
Md. Borhan Uddin

Polytechnic University, Brooklyn, NY

Polytechnic University, Brooklyn, NY
View Profile

,
Jonathan Voris

Polytechnic University, Brooklyn, NY

Polytechnic University, Brooklyn, NY
View Profile

SOUPS '08: Proceedings of the 4th symposium on Usable privacy and securityJuly 2008Pages 56–67https://doi.org/10.1145/1408664.1408672

Published:23 July 2008Publication History

SOUPS '08: Proceedings of the 4th symposium on Usable privacy and security

Pages 56–67

ABSTRACT

The operation of achieving authenticated key agreement between two human-operated devices over a short-range wireless communication channel (such as Bluetooth or WiFi) is referred to as "Pairing". The devices in such a scenario are ad hoc in nature, i.e., they can neither be assumed to have a prior context (such as pre-shared secrets) with each other nor do they share a common trusted on- or off-line authority. However, the devices can generally be connected using auxiliary physical channel(s) (such as audio, visual, etc.) that can be authenticated by the device user(s) and thus form a basis for pairing.

One of the main challenges of secure device pairing is the lack of good quality output interfaces as well as corresponding receivers on devices. In [13], we presented a pairing scheme which is universally applicable to any pair of devices (such as a WiFi AP and a laptop, a Bluetooth keyboard and a desktop, etc.). The scheme is based upon the device user(s) comparing short and simple synchronized audiovisual patterns, such as "beeping" and "blinking". In this paper, we automate the (manual) scheme of [13] by making use of an auxiliary, commonly available device such as a personal camera phone. Based on a preliminary user study we conducted, we show that the automated scheme is generally faster and more user-friendly relative to the manual scheme. More importantly, the proposed scheme turns out to be quite accurate in the detection of any possible attacks.

References

D. Balfanz, D. Smetters, P. Stewart, and H. C. Wong. Talking to strangers: Authentication in ad-hoc wireless networks. In Network and Distributed System Security Symposium (NDSS), 2002.Google Scholar
M. Burnside, D. Clarke, B. Gassend, T. Kotwal, S. Devadas, and R. Rivest. The untrusted computer problem and camera-based authentication. In Pervasive Computing (Pervasive), 2002. Google ScholarDigital Library
R. Canetti and H. Krawczyk. Analysis of key-exchange protocols and their use for building secure channels. In EUROCRYPT, 2001. Google ScholarDigital Library
J. D. Foley and V. D. Andries. Fundamentals of Interactive Computer Graphics. 2nd Edition. Addison-Wesley, Reading, Massachusetts U.S.A., 1990. Google ScholarDigital Library
E. Gieseke and J. McLaughlin. Secure web authentication with mobile phones using keyed hash authentication. CSCI E 170 Final Project, Harvard University Extension, 2005.Google Scholar
I. Goldberg. Visual Key Fingerprint Code, 1996. http://www.cs.berkeley.edu/iang/visprint.c.Google Scholar
M. T. Goodrich, M. Sirivianos, J. Solis, G. Tsudik, and E. Uzun. Loud and Clear: Human-Verifiable Authentication Based on Audio. In International Conference on Distributed Computing Systems (ICDCS), 2006. Google ScholarDigital Library
S. Laur, N. Asokan, and K. Nyberg. Efficient mutual data authentication based on short authenticated strings. IACR Cryptology ePrint Archive: Report 2005/424, 2005.Google Scholar
A. Madhavapeddy, D. Scott, R. Sharp, and E. Upton. Using camera-phones to enhance human-computer interaction. In Ubiquitous Computing (Adjunct Proceedings: Demos), 2004.Google Scholar
J. M. McCune, A. Perrig, and M. K. Reiter. Seeing-is-believing: Using camera phones for human-verifiable authentication. In IEEE Symposium on Security and Privacy, 2005. Google ScholarDigital Library
S. Pasini and S. Vaudenay. SAS-Based Authenticated Key Agreement. In Theory and Practice of Public-Key Cryptography (PKC), 2006. Google ScholarDigital Library
A. Perrig and D. Song. Hash visualization: a new technique to improve real-world security. In Cryptographic Techniques and E-Commerce (CrypTEC), 1999.Google Scholar
R. Prasad and N. Saxena. Efficient device pairing using human-comparable synchronized audiovisual patterns. In Applied Cryptography and Network Security (ACNS), to appear, 2008. Google ScholarDigital Library
V. Roth, W. Polak, E. Rieffel, and T. Turner. Simple and effective defenses against evil twin access points. In ACM Conference on Wireless Network Security (WiSec), short paper, 2008. Google ScholarDigital Library
N. Saxena, J.-E. Ekberg, K. Kostiainen, and N. Asokan. Secure device pairing based on a visual channel. In IEEE Symposium on Security and Privacy, short paper, 2006. Google ScholarDigital Library
N. Saxena and M. B. Uddin. Device pairing using unidirectional physical channels. In Mobile and Wireless Networks Security (MWNS), 2008.Google ScholarCross Ref
C. Soriente, G. Tsudik, and E. Uzun. BEDA: Button-Enabled Device Association. In International Workshop on Security for Spontaneous Interaction (IWSSI), 2007.Google Scholar
C. Soriente, G. Tsudik, and E. Uzun. Hapadep: Human asisted pure audio device pairing. Cryptology ePrint Archive, Report 2007/093, 2007.Google Scholar
F. Stajano and R. J. Anderson. The resurrecting duckling: Security issues for ad-hoc wireless networks. In Security Protocols Workshop, 1999. Google ScholarDigital Library
J. Suomalainen, J. Valkonen, and N. Asokan. Security associations in personal networks: A comparative analysis. In European Workshop on Security and Privacy in Ad hoc and Sensor Networks (ESAS), 2007. Google ScholarDigital Library
E. Uzun, K. Karvonen, and N. Asokan. Usability analysis of secure pairing methods. In Usable Security (USEC), 2007. Google ScholarDigital Library
S. Vaudenay. Secure communications over insecure channels based on short authenticated strings. In International Cryptology Conference (CRYPTO), 2005. Google ScholarDigital Library
M. Wu, S. Garfinkel, and R. Miller. Secure web authentication with mobile phones. http://dimacs.rutgers.edu/Workshops/Tools/abstract-wu-garfinkel-miller.pdf.Google Scholar

Index Terms

Universal device pairing using an auxiliary device
1. Networks
  1. Network types
    1. Mobile networks
    2. Wireless access networks

Recommendations

Automated Device Pairing for Asymmetric Pairing Scenarios
Information and Communications Security
Abstract
“Secure Device Pairing” is the process of bootstrapping secure communication between two human-operated devices over a short- or medium-range wireless channel (such as Bluetooth, WiFi). The devices in such a scenario can neither be assumed to have ...
Read More
Using audio in secure device pairing

Secure pairing of electronic devices is an important issue that must be addressed in many contexts. In the absence of prior security context, the need to involve the user in the pairing process is a prominent challenge. In this paper, we investigate the ...
Read More
Secure Device Pairing Based on a Visual Channel: Design and Usability Study

“Pairing” is the establishment of authenticated key agreement between two devices over a wireless channel. Such devices are ad hoc in nature as they lack any common preshared secrets or trusted authority. Fortunately, these devices can be connected via ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
SOUPS '08: Proceedings of the 4th symposium on Usable privacy and security
July 2008
145 pages
ISBN:9781605582764
DOI:10.1145/1408664
General Chair:
Lorrie Faith Cranor
Carnegie Mellon University
Copyright © 2008 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 23 July 2008
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
authentication
distributed protocols
mobile/ad-hoc systems
security
Qualifiers
- research-article
Conference

Acceptance Rates
Overall Acceptance Rate15of49submissions,31%
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 19
  Total Citations
  View Citations
- 409
  Total Downloads
- Downloads (Last 12 months)3
- Downloads (Last 6 weeks)1
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Universal device pairing using an auxiliary device

SOUPS '08: Proceedings of the 4th symposium on Usable privacy and security

ABSTRACT

References

Cited By

Index Terms

Recommendations

Automated Device Pairing for Asymmetric Pairing Scenarios

Using audio in secure device pairing

Secure Device Pairing Based on a Visual Channel: Design and Usability Study