Caveat emptor: A comparative study of secure device pairing methods

7th Annual IEEE International Conference on Pervasive Computing and Communications, PerCom 2009

Volumn , Issue , 2009, Pages

  Kumar, Arun ^a   Saxena, Nitesh ^a   Tsudik, Gene ^b   Uzun, Ersin ^b  

^a POLYTECHNIC UNIVERSITY   (United States)

^b UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COMPARATIVE EVALUATIONS; COMPARATIVE STUDIES; DEVICE PAIRING; HUMAN ABILITIES; SECURE CHANNELS; SECURE DEVICE PAIRING; SECURITY CONTEXT; TRUST INFRASTRUCTURE; USER INVOLVEMENT;

COMPUTER SCIENCE;

EID: 70349332824     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/PERCOM.2009.4912753     Document Type: Conference Paper

References (31)

1. J. Suomalainen, J. Valkonen, and N. Asokan, "Security Associations in Personal Networks: A Comparative Analysis", in Security and Privacy in Ad-hoc and Sensor Networks Workshop (ESAS), F. Stajano, C. Meadows, S. Capkun. and T. Moore, Eds.. no. 4572, 2007, pp. 43-57.
2. M. Jakobsson and S. Wetzel. "Security weaknesses in bluetooth", in The Cryptographer's Track at RSA (CT-RSA). 2001.
3. C. Soriente. G. Tsudik, and E. Uzun, "BEDA: Button-Enabled Device Association." in International Workshop, on Security for Spontaneous Interaction (IWSSI), UbiComp, Workshop Proceedings, 2007.
4. D. Balfanz et al., "Talking to strangers: Authentication in ad-hoc wireless networks", in Network and Distributed System Security Symposium (NDSS), 2002.
5. C. Gehrmann, C. J. Mitchell, and K. Nyberg, "Manual authentication for wireless devices", RSA CryptoBytes. vol. 7. no. 1. 2004.
6. S. Vaudenay, "Secure communications over insecure channels based short authenticated strings", in Advances in Cryptology-CRYPTO. 2005.
7. S. Laur and K. Nyberg, "Efficient mutual data authentication using manually authenticated strings", in International Confrence on Cryptology and Network Security (CANS), vol. 4301. Springer, 2006. pp. 90-107.
8. S. Pasini and S. Vaudenay. "SAS-Based Authenticated Key Agreement", in Public key cryptography (PKC). 2006.
9. N. Saxena et al., "Extended abstract: Secure desice pairing based on visual channel", in IEEE Symposium on Security and Privacy, 2006.
10. N. Saxena and M. B. Uddin, "Automated device pairing for asymmetric pairing scenarios", in Information, mation and Communications Security (ICICS), 2008, pp. 311-327.
11. F. Stajano and R. J. Anderson. "The resurrecting duckling: Security issues for ad-hoc wireless networks", in Security Protocols Workshop, 1999.
12. D. Balfanz et al.. "Network-in-a-box: How to set up a secure wireless network in under a minute." in USENIX Security, 2004. pp. 207-222.
13. I. Goldberg, "Visual Key Fingerprint Code", 1996.
14. A. Perrig and D. Song. "Hash visualization: a new technique to prove real-world security", in International Workshop, on Cryptographic Techniques and E-Commerce, 1999.
15. C. M. Ellison and S. Dohrmann, "Public-key support for group laboration", ACM Transactions on Information and System Security (TISSEC), vol. 6, no. 4, pp. 547-565, 2003.
16. V. Roth et al., "Simple and effective defense against evil twin access points", in ACM conference on Wireless network security ( WISEC), 2008.
17. J. M. McCune. A. Perrig, and M. K. Reiter, "Seeing-is-beliesing: Using camera phones for human-verifiable authentication", in IEEE Symposium on Security and Privacy, 2005,
18. R. Prasad and N. Saxena, "Efficient device pairing using "human- comparable" synchronized audiovisual patterns", in conference on Applied Cryptography and Network Security (ACNS), June 2008,
19. M. Goodrich et al., "Loud and Clear: Human-Verifiable Authentication Based on Audio", in IEEE International Conference on Distributed Computing Systems (ICDCS), 2006.
20. C. Soriente, G. Tsudik, and E. Uzun, "HAPADEP: human-assisted pure audio device pairing", in Information Security, 2008, pp. 385-400.
21. M. Goodrich et al., "Audio-based secure device pairing", in International Journal of Security and Networks (IJSN), vol. 4, 2009.
22. E. Uzun, K. Karsonen, and N. Asokan, "Usability analysis of cure pairing methods", in International Workshop on Usable Security (USEC), 2007.
23. V. Boyko, P. MacKenzie, and S. Patel, "Provably Secure Password- Authenticated Key Exchange Using Diffie-Hellman", in Advances Cryptology-Eurocrypt. Springer, 2000, pp. 156 171.
24. T. Kindberg and K. Zhang, "Validating and securing spontaneous asso ciations between wireless devices." in Information Security Conference (ISC), 2003, pp. 44-53.
25. R. Mayrhofer and M. Welch, "A Human-Verifiable Authentication Protocol Using Visible Laser Light", in International Conference on Availability, Reliability and Security (ARES). IEEE Computer Society Washington, DC, USA, 2007, pp. 1143-1148.
26. L. E. Holmquist et al., "Smart-its friends: A technique for users to easily establish connections between smart artefacts", in Ubiquitous Computing (UbiComp). London, UK: Springer-Verlag, 2001, pp. 116-122.
27. R. Mayrhofer and H. Gellersen, "Shake Well Before Use: Authentication Based on Accelerometer Data", in Pervasive Computing (PERVASIVE). Springer, 2007.
28. K. Kostiainen and E. Uzun, "Framework for comparative usability test ing of distributed applications", in Security User Studies: Methodologies and Best Practices Workshop, 2007.
29. J. M. McCune, Personal Communication, Mar 2008.
30. K. Kostiainen, Personal Communication, Mar 2008.
31. L. Faulkner, "Beyond the fise-user assumption: Benefits of increased sample sizes in usability testing", Behavior Research Methods, Instruments, & Computers, vol. 35. no, 3, pp. 379 383, 2003.