Using audio in secure device pairing

International Journal of Security and Networks

Volumn 4, Issue 1-2, 2009, Pages 57-68

  Goodrich, Michael T ^a   Sirivianos, Michael ^a   Solis, John ^a   Soriente, Claudio ^a   Tsudik, Gene ^a   Uzun, Ersin ^a  

^a Irvine   (United States)

Author keywords

Audio; Human assisted authentication; Man in the middle attacks; MITM; Personal device; Secure device pairing

Indexed keywords

ELECTRON DEVICES; NETWORK SECURITY;

AUDIO; MAN IN THE MIDDLE ATTACKS; MITM; PERSONAL DEVICES; SECURE DEVICE PAIRING;

AUDIO EQUIPMENT;

EID: 61849184822     PISSN: 17478405     EISSN: 17478413     Source Type: Journal    
DOI: 10.1504/IJSN.2009.023426     Document Type: Article

References (44)

1. Bouncy Castle Crypto APIs (2006) http://www.bouncycastle.org/
2. Alliance, W. (2007) 'Wi-fi protected setup specification', WiFi Alliance Document, January.
3. Balfanz, D., Smetters, D., Stewart, P. and Wong, H.C. (2002) 'Talking to strangers: Authentication in ad-hoc wireless networks', Symposium on Network and Distributed Systems Security (NDSS '02), San Diego, California, USA.
4. Brereton, M. (2005) Ewe Java vm for Pocketpc, Available at http:// www.ewesoft.com/
5. Cagalj, M., Capkun, S. and Hubaux, J. (2006) 'Key agreement in peer-to-peer wireless networks', Proceedings of the IEEE (Special Issue on Cryptography and Security), pp.467-478.
6. Capkun, S., Hubaux, J. and Buttyan, L. (2003) 'Mobility helps security in ad hoc networks', Proceedings of the ACM Symposium on Mobile Ad Hoc Networking and Computing(MobiHoc 2003), pp.46-56.
7. Diffie, W. and Hellman, M.E. (1976) 'New directions in cryptography', IEEE Transactions on Information Theory, IT Vol. 22, No. 6, pp.644-654.
8. Ellison, C. and Dohrmann, S. (2003) Public-key Support for Group Collaboration, New York, NY, USA, ACM Press, Vol. 6, pp.547-565.
9. Feeney, L.M., Ahlgren, B., Westerlund, A. and Dunkels, A. (2002) 'Spontaneous networking for secure collaborative applications in an infrastructureless environment', Demonstration session: Int'l Conf. on Pervasive Computing (Pervasive 2002), December.
10. Garey, M.R. and Johnson, D.S. (1990) Computers and Intractability; A Guide to the Theory of NP-Completeness, W.H. Freeman & Co., New York, NY, USA.
11. Gehrmann, C., Mitchell, C. and Nyberg, K. (2004) 'Manual authentication for wireless devices', RSA Cryptobytes, Vol. 7, No. 1, p.2937.
12. Gehrmann, C. and Nyberg, K. (2004) 'Security in personal area networks', in Mitchell, C.J. (Eds.): Security for Mobility, IEE, London, pp.191-230.
13. Goodrich, M.T., Sirivianos, M., Solis, J., Tsudik, G. and Uzun, E. (2006) 'Loud and clear: Human-verifiable authentication based on audio', ICDCS '06: Proceedings of the 26th IEEE International Conference on Distributed Computing Systems, Lisboa, Portugal, pp.10-17.
14. Group, B.S.I. (2006) Simple Pairing Whitepaper, http:// www.bluetooth.com/Bluetooth/Apply/Technology/Research/Simple_Pairing.htm.
15. Haller, N. (1995) Available at rfc1760: The s/key one-time password system.
16. Holmquist, L.E., Mattern, F., Schiele, B., Alahuhta, P., Beigl, M. and Gellersen, H-W. (2001) 'Smart-its friends: A technique for users to easily establish connections between smart artifacts', UbiComp '01: Proceedings of the 3rd International Conference on Ubiquitous Computing Springer-Verlag, London, UK, pp.116-122.
17. Juola, P. and Zimmermann, P. (1996) 'Whole-word phonetic distances and the pgpfone alphabet', Proceedings of the Fourth International Conference on Spoken Language Processing (ICSLP), Vol. 1, http:// www.asel.udel.edu/icslp/cdrom/vol1/005/a005.pdf.
18. Kindberg, T. and Zhang, K. (2003a) 'Secure spontaneous device association', in Dey, A.K., Schmidt, A. and McCarthy, J.F. (Eds.): Ubicomp, Vol. 2864 of Lecture Notes in Computer Science, Springer, pp.124-131.
19. Kindberg, T. and Zhang, K. (2003b) 'Validating and securing spontaneous associations between wireless devices', in Boyd, C. and Mao, W. (Eds.): ISC, Vol. 2851 of Lecture Notes in Computer Science, Springer, pp.44-53.
20. Kohnfelder, L.M. (1978) Towards a Practical Public-key Cryptosystem BSc Thesis, MIT Department of Electrical Engineering, Cambridge, MA, USA.
21. Kugler, D. (2003) 'Man in the middle attacks on bluetooth', Financial Cryptography, Lecture Notes in Computer Science, Guadeloupe, French West Indies, pp.149-161.
22. Larsson, J-O. (2001) Higher Layer Key Exchange Techniques for Bluetooth Security, Open Group Conference, Amsterdam.
23. Laur, S., Asokan, N. and Nyberg, K. (2006) 'Efficient mutual data authentication using manually authenticated strings', in Pointcheval, D., Mu, Y. and Chen, K. (Eds.): CANS, Vol. 4301 of Lecture Notes in Computer Science, Springer, pp.90-107.
24. Levien, R. (1996) Pgp Snowflake, Source code available at: http:// packages.debian.org/testing/graphics/snowflake.html
25. Lopes, C. (2001) The Digital Voices Project Home Page, http:// www.isr.uci.edu/lopes/dv/dv.html
26. Maher, D.P. (1995) Secure Communication Method and Apparatus, US Patent Number 5,450,493.
27. Mayrhofer, R. and Gellersen, H. (2007) 'Shake well before use: authentication based on accelerometer data', Proc. Pervasive 2007: 5th International Conference on Pervasive Computing, Toronto, Canada, pp.144-161
28. Mayrhofer, R., Gellersen, H. and Hazas, M. (2007) 'Security by spatial reference: Using relative positioning to authenticate devices for spontaneous interaction', Ubicomp, Innsbruck, Austria, pp.199-216.
29. McCune, J.M., Perrig, A. and Reiter, M.K. (2005) 'Seeing-is-believing: using camera phones for human-verifiable authentication', Proc. S&P 2005: IEEE Symposium on Security and Privacy, Oakland, CA, USA, pp.110-124.
30. Microsoft (2006) Windows Connect Now-ufd and Windows Vista Specification, version 1.0, http://www.microsoft.com/whdc/Rally/ WCN-UFD Vistaspec.mspx, Microsoft
31. Miller, S., Neuman, C., Schiller, J. and Saltzer, J. (1987) 'Kerberos authentication and authorization system', Project Athena Technical Plan, section E.2.1.
32. Pasini, S. and Vaudenay, S. (2006) 'SAS-based authenticated key agreement', in Yung, M., Dodis, Y., Kiayias, A. and Malkin, T. (Eds.): Public Key Cryptography, Vol. 3958, Lecture Notes in Computer Science, Springer, pp.395-409.
33. Perrig, A. and Song, D. (1999) 'Hash visualization: A new technique to improve real-world security', Proceedings of the 1999 International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC '99), pp.131-138.
34. Pickles, J. (1982) An Introduction to the Physiology of Hearing, Academic Press, San Diego.
35. Saxena, N., Ekberg, J-E., Kostiainen, K. and Asokan, N. (2006) 'Secure device pairing based on a visual channel', 2006 IEEE Symposium on Security and Privacy, Oakland, California, USA, pp.306-313.
36. Soriente, C., Tsudik, G. and Uzun, E. (2007) 'Hapadep: Human asisted pure audio device pairing', Cryptology ePrint Archive, Report 2007/093.
37. Specification, W.U. (2006) Association Models Supplement, revision 1.0, In USB Implementers Forum, http://www.usb.org/developers/wusb/
38. Stajano, F. and Anderson, R. (2000) 'The resurrecting duckling: Security issues for ad-hoc wireless networks', Security Protocols: 7th International Workshop, Springer, pp.204-214.
39. Steiner, J.G., Neuman, C. and Schiller, J.I. (1998) Kerberos: An Authentication Service for Open Network Systems, Manuscript.
40. Stevens, S. and Davis, H. (1938) Hearing, Its Psychology and Physiology, Wiley, New York.
41. Uzun, E., Karvonen, K. and Asokan, N. (2007) Usability Analysis of Secure Pairing Methods, Technical Report NRC-TR-2007-002, Nokia Research Center.
42. Vaudenay, S. (2005) 'Secure communications over insecure channels based on short authenticated strings', Advances in Cryptology - CRYPTO '05: The 25th Annual International Cryptology Conference, Vol. 3621, Lecture Notes in Computer Science, Santa Barbara, California, USA, Springer-Verlag, August, pp.309-326.
43. von Békésy, G. and Wever, E. (1960) Experiments in Hearing, McGraw-Hill, New York.
44. Zimmermann, P. (1995) The Official PGP User's Guide, MIT Press, Cambridge, MA, USA.