Shake well before use: Intuitive and secure pairing of mobile devices

IEEE Transactions on Mobile Computing

Volumn 8, Issue 6, 2009, Pages 792-806

  Mayrhofer, Rene ^a   Gellersen, Hans ^b  

^a UNIVERSITY OF VIENNA   (Austria)

^b LANCASTER UNIVERSITY   (United Kingdom)

Author keywords

Algorithm protocol design and analysis; Authentication; Human centered computing; Mobile applications; Mobile environments; Ubiquitous computing

Indexed keywords

ALGORITHM/PROTOCOL DESIGN AND ANALYSIS; ARBITRARY PATTERNS; CLASSIFICATION ALGORITHMS; CONCRETE METHODS; CRYPTOGRAPHIC KEYS; CRYPTOGRAPHIC PROTOCOLS; FALSE NEGATIVE RATES; HUMAN-CENTERED COMPUTING; KEY EXCHANGES; MOBILE APPLICATIONS; MOBILE ENVIRONMENTS; MOBILE INTERACTIONS; MUTUAL AUTHENTICATIONS; PAIRING METHODS; SENSOR DATUM; UNDERLYING PRINCIPLES; USER STUDIES;

AUTHENTICATION; CRYPTOGRAPHY; MOBILE DEVICES; PORTABLE EQUIPMENT; SENSORS;

UBIQUITOUS COMPUTING;

EID: 65349086799     PISSN: 15361233     EISSN: None     Source Type: Journal    
DOI: 10.1109/TMC.2009.51     Document Type: Article

References (37)

1. F. Stajano and R. Anderson, "The Resurrecting Duckling: Security Issues for Ad-Hoc Wireless Networks," Proc. Seventh Int'l Workshop Security Protocols, pp. 172-194, Apr. 1999.
2. T. Kindberg and K. Zhang, "Validating and Securing Spontaneous Associations between Wireless Devices," Proc. Information Security Conf. (ISC '03), pp. 44-53, Oct. 2003.
3. C. Gehrmann, C.J. Mitchell, and K. Nyberg, "Manual Authentication for Wireless Devices," RSA Cryptobytes, vol. 7, no. 1, pp. 29-37, 2004.
4. F. Stajano, "Security for Whom?: The Shifting Security Assumptions of Pervasive Computing," Proc. Int'l Symp. System Synthesis (ISSS '02), pp. 16-27, Nov. 2002.
5. R. Want, T. Pering, G. Danneels, M. Kumar, M. Sundar, and J. Light, "The Personal Server: Changing the Way We Think about Ubiquitous Computing," Proc. Int'l Conf Ubiquitous Computing (UbiComp '02), pp. 194-209, Sept. 2002.
6. Bluetooth SIG, "Bluetooth Special Interest Group," Simple Pairing Whitepaper (Revision Vl0r00)," 2006.
7. M. Čagalj, S. Čapkun, and J.-P. Hubaux, "Key Agreement in Peerto-Peer Wireless Networks," Proc. IEEE, special issue on cryptography and security, vol. 94, pp. 467-478, 2006.
8. A. Perrig and D. Song, "Hash Visualization: A New Technique to Improve Real-World Security," Proc. Cryptographic Techniques and Electronic Commerce (CrypTEC '99), pp. 131-138,1999.
9. N. Saxena, J.-E. Ekberg, K. Kostiainen, and N. Asokan, "Secure Device Pairing Based on a Visual Channel," Report 2006/050, Cryptology ePrint Archive, 2006.
10. V. Roth, W. Polak, E. Rieffel, and T. Turner, "Simple and Effective Defense against Evil Twin Access Points," Proc. ACM Conf. Wireless Network Security (WiSec '08), pp. 220-235, Mar. 2008.
11. M.T. Goodrich, M. Sirivianos, J. Solis, G. Tsudik, and E. Uzun, "Loud and Clear: Human Verifiable Authentication Based on Audio," Proc. Int'l Conf. Distributed Computing Systems (ICDCS '06), p. 10, July 2006.
12. C. Soriente, G. Tsudik, and E. Uzun, "BEDA: Button-Enabled Device Pairing," Proc. Int'l Workshop Security for Spontaneous Interaction (IWSSI 2007), pp. 443-449, Sept. 2007.
13. S.N. Patel, J.S. Pierce, and G.D. Abowd, "A Gesture-Based Authentication Scheme for Untrusted Public Terminals," Proc. ACM Symp. User Interface Software and Technology (UIST '04), pp. 157-160, Oct. 2004.
14. D. Balfanz, D.K. Smetters, P. Stewart, and H.C. Wong, "Talking to Strangers: Authentication in Ad-Hoc Wireless Networks," Proc. Network and Distributed Systems Security Symp. (NDSS '02), Feb. 2002.
15. D. Balfanz, G. Durfee, R.E. Grinter, D.K. Smetters, and P. Stewart, "Network-in-a-Box: How to Set up a Secure Wireless Network in under a Minute," Proc. 13th USENIX Security Symp. pp. 207-222, Aug. 2004.
16. T. Kindberg and K. Zhang, "Secure Spontaneous Device Association," Proc. Int'l Conf. Ubiquitous Computing (UbiComp '03), pp. 124-131, Oct. 2003.
17. R. Mayrhofer and M. Welch, "A Human-Verifiable Authentication Protocol Using Visible Laser Light," Proc. Int'l Conf. Availability, Reliability and Security (ARES '07), pp. 1143-1147, Apr. 2007.
18. R. Mayrhofer, H. Gellersen, and M. Hazas, "Security by Spatial Reference: Using Relative Positioning to Authenticate Devices for Spontaneous Interaction," Proc. Int'l Conf. Ubiquitous Computing (Ubicomp '07), pp. 199-216, Sept. 2007.
19. A. Varshavsky, A. Scannell, A. LaMarca, and E. de Lara, "Amigo: Proximity-Based Authentication of Mobile Devices," Proc. Int'l Conf. Ubiquitous Computing (UbiComp '07), pp. 253-270, Sept. 2007.
20. J. Rekimoto, Y. Ayatsuka, and M. Kohno, "SyncTap: An Interaction Technique for Mobile Networking," Proc. Int'l Conf. Mobile Human-Computer Interaction (MOBILE HCl '03), pp. 104-115, Sept. 2003.
21. J.M. McCune, A. Perrig, and M.K. Reiter, "Seeing-Is-Believing: Using Camera Phones for Human-Verifiable Authentication," Proc. IEEE Symp. Security and Privacy, pp. 110-124, 2005.
22. L.E. Holmquist, F. Mattern, B. Schiele, P.A., M. Beigl, and H.-W. Gellersen, "Smart-Its Friends: A Technique for Users to Easily Establish Connections between Smart Artefacts," Proc. Int'l Conf. Ubiquitous Computing (UbiComp '01, pp. 116-122, Sept. 2001.
23. K. Hinckley, "Synchronous Gestures for Multiple Persons and Computers," Proc. ACM Symp. User Interface Software and Technology (UIST '03), pp. 149-158. Nov. 2003.
24. J. Lester, B. Hannaford, and G. Borriello, "Are You with Me?-Using Accelerometers to Determine If Two Devices Are Carried by the Same Person," Proc. Pervasive Computing Int'l Conf. (PERVASIVE '04), pp. 33-50, 2004.
25. R. Marin-Perianu, M. Marin-Perianu, P. Havinga, and H. Scholten, "Movement-Based Group Awareness with Wireless Sensor Networks," Proc. Pervasive Computing Int'l Conf. (PERVASIVE '07), pp. 298-315, 2007.
26. K. Fujinami and S. Pirttikangas, "A Study on a Correlation Coefficient to Associate an Object with Its User," Proc. AAAI Spring Symp. Intelligent Environments (IE '07), pp. 288-295, Sept. 2007.
27. R. Mayrhofer and H. Gellersen, "Shake Well Before Use: Authentication Based on Accelerometer Data," Proc. Pervasive Computing Int'l Conf. (PERVASIVE '07), pp. 144-161, May 2007.
28. D. Kirovski, M. Sinclair, and D. Wilson, "The Martini Synch," Technical Report MSR-TR-2007-123, Microsoft Research, Sept. 2007.
29. D. Bichler, G. Stromberg, M. Huemer, and M. Low, "Key Generation Based on Acceleration Data of Shaking Processes," Proc. Int'l Conf. Ubiquitous Computing (UbiComp '07), pp. 304-317, 2007.
30. C. Castelluccia and P. Mutaf, "Shake Them Up! A MovementBased Pairing Protocol for CPU-Constrained Devices," Proc. Int'l Conf Mobile Systems, Applications, and Services (MobiSys '05), pp. 51-64, June 2005.
31. L. Batina, N. Mentens, and I. Verbauwhede, "Side Channel Issues for Designing Secure Hardware Implementations," Proc. IEEE Online Testing Symp. (IOLTS '05), pp. 118-121, 2005.
32. T. Huynh and B. Schiele, "Analyzing Features for Activity Recognition," Proc. Joint Conf. Smart Objects and Ambient Intelligence: Innovative Context-Aware Services: Usages and Technologies (Soc-EUSAI '05), pp. 159-163, Oct. 2005.
33. W. Diffie and M.E. Hellman, "New Directions in Cryptography," IEEE Trans. Information Theory, vol. IT-22, no. 6, pp. 644-654,1976.
34. R.L. Rivest and A. Shamir, "How to Expose an Eavesdropper," Comm. ACM, vol. 27, no. 4, pp. 393-394,1984.
35. R. Mayrhofer, "The Candidate Key Protocol for Generating Secret Shared Keys from Similar Sensor Data Streams," Proc. European Workshop Security and Privacy in Ad Hoc and Sensor Networks (ESAS '07), pp. 1-15, July 2007.
36. S. Vaudenay, "Secure Communications Over Insecure Channels Based on Short Authenticated Strings," Proc. Ann. Int'l Cryptology Conf. (CRYPTO '05). Aug. 2005.
37. S. Laur and K. Nyberg, "Efficient Mutual Data Authentication Using Manually Authenticated Strings," Proc. Int'l Conf. Cryptology and Network Security (CANS '06), pp. 90-107, Dec. 2006.