Standards for security associations in personal networks: A comparative analysis

International Journal of Security and Networks

Volumn 4, Issue 1-2, 2009, Pages 87-100

  Suomalainen, Jani ^a   Valkonen, Jukka ^b   Asokan, N ^c  

^a VTT TECHNICAL RESEARCH CENTRE OF FINLAND   (Finland)

^b AALTO UNIVERSITY   (Finland)

^c NOKIA RESEARCH CENTER   (United States)

Author keywords

Attacks; Bluetooth; Comparative survey; HomePlugAV; Networks; Personal networks; Security; Security association; Standards; Wi Fi; WUSB

Indexed keywords

BLUETOOTH; NETWORKS (CIRCUITS); STANDARDS; SURVEYS; TAXONOMIES; WI-FI;

ATTACKS; HOMEPLUGAV; PERSONAL NETWORKS; SECURITY; SECURITY ASSOCIATION; WUSB;

NETWORK SECURITY;

EID: 61849117271     PISSN: 17478405     EISSN: 17478413     Source Type: Journal    
DOI: 10.1504/IJSN.2009.023428     Document Type: Article

References (33)

1. Azimi-Sadjadi, B., Kiayias, A., Mercado, A. and Yener, B. (2007) 'Robust key generation from signal envelopes in wireless networks', Proceedings of the 14th ACM Conference on Computer and Communications Security, ACM, New York, NY, USA, pp.401-410, http://portal.acm.org/ citation.cfm?id=1315295.
2. Balfanz, D., Smetters, D., Stewart, P. and Wong, H.C. (2002) 'Talking to strangers: Authentication in ad-hoc wireless networks', Proceedings of the Network and Distributed System Security Symposium, http:// www2.parc.com/csl/members/balfanz/publications/loclim.pdf
3. Barker, E., Barker, W., Burr, W., Polk, W. and Smid, M. (2006) Recommendation for Key Management - Part 1: General (Revised), http://csrc.nist.gov/CryptoToolkit/kms/SP800-57Part1_6-30-06.pdf
4. Bellovin, S.M. and Merritt, M. (1992) 'Encrypted key exchange: password-based protocols secure against dictionary attacks', Proceedings of the 1992 IEEE Symposium on Security and Privacy, pp.72-84, ieeexplore.ieee.org/iel2/412/5566/00213269.pdf.
5. Bluetooth SIG (2007) Bluetooth 2.1 Specifications. Bluetooth Special Interest Group, http://www.bluetooth.com/NR/rdonlyres/ F8E8276A-3898-4EC6-B7DA-E5535258B056/6545/Core_V21_EDR.zip
6. Čagalj, M., Hubaux, J-P., Čapkun, S., Rengaswamy, R., Tsigkogiannis, I. and Srivastava, M. (2006a) 'Integrity (I) codes: message integrity protection and authentication over insecure channels', Proceedings of the 2006 IEEE Symposium on Security and Privacy, pp.280-294, ieeexplore. ieee.org/xpls/abs_all.jsp?arnumber=1624018
7. Čagalj, M., Čapkun, S. and Hubaux, J-P. (2006b) 'Key agreement in peer-to-peer wireless networks', Proceedings of the IEEE, Vol. 94, No. 2, pp.467-478, ieeexplore.ieee.org/xpls/ abs_all.jsp?arnumber=1580514
8. Diffie, W. and Hellman, M.E. (1976) 'New directions in cryptography', IEEE Transactions on Information Theory, IT-22, Vol. 22, pp.644-654, http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=1055638
9. Dolev, D. and Yao, A.C. (1983) 'On the security of public key protocols', IEEE Transactions on Information Theory, Vol. 29, No. 2, pp.198-208, ieeexplore.ieee.org/xpls/abs_all. jsp?arnumber=1056650.
10. Gehrmann, C., Mitchell, C. and Nyberg, K. (2004) 'Manual authentication for wireless devices', RSA Crypto-Bytes, Vol. 7, No. 1, pp.29-37, http://www.rsa.com/rsalabs/cryptobytes/Spring_2004_Cryptobytes.pdf.
11. Goodrich, M.T., Sirivianos, M., Solis, J., Tsudik, G. and Uzun, E. (2006) 'Loud and clear: Human-verifiable authentication based on audio', Proceedings of the 26th IEEE International Conference on Distributed Computing Systems, http://ieeexplore.ieee.org/xpls/ abs_all.jsp?arnumber=1648797
12. Heydt-Benjamin, T.S., Bailey, D.V., Fu, K., Juels, A. and OHare, T. (2007) 'Vulnerabilities in first-generation RFID-enabled credit cards', Proceedings of Eleventh International Conference on Financial Cryptography and Data Security, Volume 4886 of Lecture Notes in Computer Science, Springer-Verlag, Lowlands, Scarborough, Trinidad/ Tobago, pp.2-14, http://prisms.cs.umass.edu/~kevinfu/papers/ RFID-CC-manuscript.pdf
13. Kivinen, T. and Kojo, M. (2003) RFC3526: More Modular Exponential (MODP) Diffie-Hellman Groups for Internet Key Exchange (IKE), http:// www.ietf.org/rfc/rfc3526.txt
14. Kuo, C., Walker, J. and Perrig, A. (2007) 'Low-cost manufacturing, usability, and security: An analysis of bluetooth simple pairing and Wi-Fi protected setup', Proceedings of the Usable Security 2007 Workshop, Lowlands, Scarborough, Trinidad/Tobago, http:// usablesecurity.org/papers/kuo.pdf
15. Larsson, J-O. (2001) 'Higher layer key exchange techniques for bluetooth security', Open Group Conference, Amsterdam, 24 October.
16. Laur, S., Asokan, N. and Nyberg, K. (2005) Efficient Mutual Data Authentication Using Manually Authenticated Strings, Cryptology ePrint Archive, Report 2005/424, eprint.iacr.org/2005/424.pdf.
17. Laur, S. and Nyberg, K. (2006) 'Efficient mutual data authentication using manually authenticated strings', in Pointcheval, D. (Ed.): The 5th International Conference on Cryptology and Network Security, Volume 4301 of Lecture Notes in Computer Science, Springer, Suzhou, China, pp.90-107, http://www.springerlink.com/content/w152n0455673652k/
18. McCune, J.M., Perrig, A. and Reiter, M.K. (2005) 'Seeingis-believing: using camera phones for human-verifiable authentication', Proceedings of the 2005 IEEE Symposium on Security and Privacy, pp.110-124, ieeexplore.ieee.org/xpls/abs_alljsp?arnumber=1425062
19. National Institute of Standards and Technology (2000) Digital Signature Standard (DSS), US Department of Commerce, http:// csrc.nist.gov/publications/fips/fips186-2/fips186-2-change1.pdf
20. Newman, R., Gavette, S., Yonge, L. and Anderson, R. (2006) 'Protecting domestic power-line communications', Proceedings of The Second Symposium on Usable Privacy and Security, pp.122-132, http:// portal.acm.org/citation.cfm?id-1143120.1143136
21. Newman, R., Yonge, L., Gavette, S. and Anderson, R. (2007) 'HomePlug AV security mechanisms', Proceedings of The International Symposium on Power Line Communications and Its Applications, pp.366-371, ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4231726
22. Pasini, S. and Vaudenay, S. (2006) 'SAS-based authenticated key agreement', Proceedings of The 9th International Workshop on Theory and Practice in Public Key Cryptography, Volume 3958 of Lecture Notes in Computer Science, Springer-Verlag, pp.395-409, http://www. springerlink.com/content/r42826j7335254q2/
23. Saxena, N., Ekberg, J-E., Kostiainen, K. and Asokan, N. (2006) 'Secure device pairing based on a visual channel (short paper)', Proceedings of the 2006 IEEE Symposium on Security and Privacy, pp.306-313, http://ieeexplore.ieee.org/xpl/freeabs_alljsp?arnumber-1624021
24. Soriente, C., Tsudik, G. and Uzun, E. (2007) HAPADEP: Human Asisted Pure Audio Device Pairing, Technical report, Cryptology ePrint Archive, Report 2007/039, eprint.iacr.org/2007/093.pdf
25. Stajano, F. and Anderson, R. (1999) 'The resurrecting duckling: Security issues for ad-hocwireless networks', Proceedings of the 7th International Workshop on Security Protocols, Volume 2133 of Lecture Notes in Computer Science, Springer-Verlag, pp. 172-194, http://www. springerlink.com/content/ru2015q381304428/
26. Suomalainen, J., Valkonen, J. and Asokan, N. (2007) 'Security associations in personal networks: A comparative analysis', Proceedings of the 4th European Workshop on Security and Privacy in Ad-hoc and Sensor Networks, Volume 4572 of Lecture Notes in Computer Science, Springer-Verlag, pp.43-57, http://www.springerlink.com/content/ dk04356586jg4g00/
27. USB Implementers Forum (2006) Wireless USB Specification. Association Models Supplement. Revision 1.0, http://www.usb.org/developers/wusb/
28. USB Implementers Forum (2007) Association Models Supplement to the Certified Wireless Universal Serial Bus Specification - Frequently Asked Questions, http://www.usb.org/developers/wusb/ WUSB_AM_FAQ_2007_06_19.pdf
29. Valkonen, J., Toivonen, A. and Karvonen, K. (2007) 'Usability testing for secure device pairing in home networks', UbiComp 2007 Workshop Proceedings, September, Innsbruck, Austria, pp.457-462.
30. Varshavsky, A., Scannell, A., LaMarca, A. and de Lara, E. (2007) 'Amigo: proximity-based authentication of mobile devices', Proceedings of the Ninth International Conference on Ubiquitous Computing, Volume 4717 of Lecture Notes in Computer Science, Springer-Verlag, pp.253-270, http://www.springerlink.com/content/37v827165x571333/
31. Vaudenay, S. (2005) 'Secure communications over insecure channels based on short authenticated strings', Advances in Cryptology - CRYPTO 2005 Volume 3621 of Lecture Notes in Computer Science, Springer-Verlag, pp.309-326, http://www.springerlink.com/content/ 5wak8q5hedk2fe4n/
32. Wi-Fi Alliance (2007) Wi-Fi Protected Setup Specification, Wi-Fi Alliance Document, available at http://www.wi-fi. org/ wifi-protected-setup/
33. Zimmermann, P.R. (1996) Pgpfone: Pretty Good Privacy Phone Owner's Manual, version 1.0 beta 5, appendix c. http://web.mit.edu/network/ pgpfone/manual/#PGP000057