Secure pairing of interface constrained devices

International Journal of Security and Networks

Volumn 4, Issue 1-2, 2009, Pages 17-26

  Soriente, Claudio ^a   Tsudik, Gene ^a   Uzun, Ersin ^a  

^a Irvine   (United States)

Author keywords

Human assisted authentication; Man in the middle attacks; MiTM; Secure device pairing

Indexed keywords

INTERFACES (COMPUTER); NETWORK SECURITY;

COMMUNICATION MEDIUM; CONSTRAINED DEVICES; MAN IN THE MIDDLE ATTACKS; MAN IN THE MIDDLES (MITM); MITM; REQUIRED INTERFACES; SECURE DEVICE PAIRING; SECURITY INFRASTRUCTURE;

DISPLAY DEVICES;

EID: 61849147296     PISSN: 17478405     EISSN: 17478413     Source Type: Journal    
DOI: 10.1504/IJSN.2009.023423     Document Type: Article

References (34)

1. Alliance, W. (2007) Wi-fi Protected Setup Specification, WiFi Alliance Document, January.
2. Balfanz, D., Smetters, D., Stewart, P. and Wong, H. (2002) 'Talking to strangers: Authentication in ad-hoc wireless networks', Symposium on Network and Distributed Systems Security (NDSS '02), San Diego, California, USA.
3. Bellovin, S. and Merritt, M. (1992) 'Encrypted key exchange: password-based protocols secure against dictionary attacks', Research in Security and Privacy, 1992, Proceedings 1992 IEEE Computer Society Symposium on, pp.72-84.
4. Diffie, W. and Hellman, M.E. (1976) 'New directions in cryptography', IEEE Transactions on Information Theory, Vol. IT-22, No. 6, pp.644-654.
5. Ellison, C. and Dohrmann, S. (2003) 'Public-key support for group collaboration', ACM Trans. Inf. Syst. Secur., Vol. 6, No. 4, November, pp.547-565.
6. Feeney, L., Ahlgren, B. and Westerlund, A. (2002) 'Demonstration abstract: Spontaneous networking for secure collaborative applications in an infrastructureless environment', International Conference on Pervasive Computing (pervasive 2002), Zurich, Switzerland.
7. Gehrmann, C., Mitchell, C. and Nyberg, K. (2004) 'Manual authentication for wireless devices', RSA CryptoBytes, Spring, Vol. 7, No. 1, pp.29-37.
8. Goldberg, I. (1996) Visual Key Fingerprint Code, Available at http://www.cs.berkeley.edu/iang/visprint.c
9. Goodrich, M., Sirivianos, M., Solis, J., Tsudik, G. and Uzun, E. (2006) 'Loud and clear: Human-verifiable authentication based on audio', ICDCS '06: Proceedings of the 26th IEEE International Conference on Distributed Computing Systems, Lisboa, Portugal, pp.10-17.
10. Group, B.S.I. (2006) Simple Pairing Whitepaper, http://www. bluetooth.com/Bluetooth/Apply/Technology/Research/Simple_Pairing.htm
11. Holmquist, L., Mattern, F., Schiele, B., Alahuhta, P., Beigl, M. and Gellersen, H. (2001) 'Smart-its friends: A technique for users to easily establish connections between smart artefacts', UbiComp '01: Proceedings of the 3rd International Conference on Ubiquitous Computing Springer-Verlag, London, UK, pp. 116-122.
12. Kindberg, T. and Zhang, K. (2003a)'Secure spontaneous device association', in Dey, A., Schmidt, A. and McCarthy, J. (Eds.): Ubicomp, Volume 2864 of Lecture Notes in Computer Science, Springer, pp. 124-131.
13. Kindberg, T. and Zhang, K. (2003b) 'Validating and securing spontaneous associations between wireless devices', in Boyd, C. and Mao, W. (Eds.): ISC, Volume 2851 of Lecture Notes in Computer Science, Springer, pp.44-53.
14. Kostiainen, K., Uzun, E., Asokan, N. and Ginzboorg, P. (2007) Framework for Comparative Usability of Distributed Applications, Technical Report NRC-TR-2007-005, Nokia Research Center.
15. Kuo, C., Walker, J. and Perrig, A. (2007) 'Low-cost manufacturing, usability, and security: An analysis of bluetooth simple pairing and wi-fi protected setup', Usable Security Workshop (USEC'07), Scarborough, Trinidad and Tobago.
16. Laur, S. and Nyberg, K. (2006) 'Efficient mutual data authentication using manually authenticated strings', The 5th International Conference on Cryptology and Network Security, CANS 2006, Volume 4301 of Lecture Notes in Computer Science, Springer, Suzhou, 8-10 December, pp.90-107, A shortened version of ePrint Report 2005/424.
17. Levien, R. (1996) PGP snowflake, Source code available at: http:// packages.debian.org/testing/graphics/snowflake.html
18. Mayrhofer, R. and Gellersen, H. (2007) 'Shake well before use: authentication based on accelerometer data', Proc. Pervasive 2007: 5th International Conference on Pervasive Computing, Toronto, Canada, pp. 144-161.
19. McCune, J., Perrig, A. and Reiter, M. (2005)'Seeing-is-believing: Using camera phones for human-verifiable authentication', 2005 IEEE Symposium on Security and Privacy, Oakland, CA, USA, pp. 110-124.
20. Microsoft (2006) Windows Connect Now-UFD and Windows Vista Specification, Version 1.0. http://www.microsoft. com/whdc/Rally/ WCN-UFDVistaspec.mspx
21. Nippon Telegraph and Telephone Corporation (2005) Redtacton Website Available at http://www.redtacton.com
22. Pasini, S. and Vaudenay, S. (2006)'SAS-based authenticated key agreement', in Yung, M. (Ed.) Public Key Cryptography - PKC'06, 9th International Workshop on Theory and Practice in Public Key Cryptography Volume 3958 of Lecture Notes in Computer Science, Springer-Verlag, New York, USA, pp.395-409.
23. Perrig, A. and Song, D. (1999) 'Hash visualization: A new technique to improve realworld security', Proceedings of the 1999 International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC'99), pp.131-138.
24. Saxena, N., Ekberg, J., Kostiainen, K. and Asokan, N. (2006) 'Secure device pairing based on a visual channel', 2006 IEEE Symposium on Security and Privacy, Oakland, California, USA, pp.306-313.
25. Shinagawa, M., Ochiai, K., Sakamoto, H. and Asahi, T. (2005) 'Human area networking technology: RedTacton', NTT Tech. Rev., Vol. 3, No. 5, pp.41-46.
26. Shivers, O. (1993) BodyTalk and the BodyNet: A Personal Information Infrastructure, Personal Information Architecture Note 1.
27. Soriente, C., Tsudik, G. and Uzun, E. (2007a) 'BEDA: Button-enabled device pairing', International Workshop on Security for Spontaneous Interaction, UbiComp 2007 Workshop Proceedings, Innsbruck, Austria.
28. Soriente, C., Tsudik, G. and Uzun, E. (2007b) HAPADEP: Human Assisted Pure Audio Device Pairing, Cryptology ePrint Archive, Report 2007/093.
29. Specification, W.U. (2006) Association Models Supplement, Revision 1.0, USB Implementers Forum, http://www.usb.org/developers/wusb/
30. Stajano, F. and Anderson, R. (1999) 'The resurrecting duckling: Security issues for ad-hoc wireless networks', Security Protocols, 7th International Workshop, Cambridge, UK.
31. Suomalainen, J., Valkonen, J., Asokan, N., Stajano, F., Meadows, C., Capkun, S. and Moore, T. (2007) 'Security associations in personal networks: A comparative analysis', Security and Privacy in Ad-hoc and Sensor Networks 4th European Workshop, ESAS 2007, Cambridge, UK, pp.43-57.
32. Uzun, E., Karvonen, K. and Asokan, N. (2007) Usability analysis of secure pairing methods, Technical Report NRC-TR-2007-002, Nokia Research Center.
33. Zimmerman, T. (1995) Personal Area Networks (PAN): Near-Field Intra-Body Communication, PhD thesis, Massachusetts Institute of Technology.
34. Zimmerman, T., Smith, J., Paradiso, J., Allport, D. and Gershenfeld, N. (1995) 'Applying electric field sensing to human-computer interfaces', Proceedings of the SIGCHI Conference on Human factors in Computing Systems, Denver, Colorado, USA, pp.280-287.