Usability and security of out-of-band channels in secure device pairing protocols

SOUPS 2009 - Proceedings of the 5th Symposium On Usable Privacy and Security

Volumn , Issue , 2009, Pages

  Kainda, Ronald ^a   Flechais, Ivan ^a   Roscoe, A W ^a  

^a UNIVERSITY OF OXFORD   (United Kingdom)

Author keywords

Pairing devices; Security protocols; Usability

Indexed keywords

COMMUNICATION CHANNEL; CRITICAL TASKS; KEY ELEMENTS; MOBILE PAYMENT; OUT-OF-BAND; PAIRING DEVICES; PAIRING METHOD; PERVASIVE COMPUTING; PUBLIC-KEY INFRASTRUCTURE; SECURE COMMUNICATIONS; SECURE DEVICE PAIRING; SECURITY PROTOCOLS; SHARED SECRETS; TRUSTED THIRD PARTIES; USABILITY; USABILITY AND SECURITY; USABILITY STUDIES; USER INTERFACE DESIGNS;

MOBILE DEVICES; NETWORK PROTOCOLS; PUBLIC KEY CRYPTOGRAPHY; USER INTERFACES; WIRELESS NETWORKS;

NETWORK SECURITY;

EID: 70350716576     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1572532.1572547     Document Type: Conference Paper

References (34)

1. R. Anderson. Why cryptosystems fail. CCS '93: Proceedings of the 1st ACM conference on Computer and communications security, pages 215-227, 1993.
2. D. Balfanz, D. K. Smetters, P. Stewart, and H. C. Wong. Talking to strangers: Authentication in ad-hoc wireless networks. In In Symposium on Network and Distributed Systems Security (NDSS '02), San Diego, California, 2002.
3. S. Brostoff and M. A. Sasse. Are passfaces more usable than passwords? a field trial investigation. In Proceedings of HCI 2000, 2000.
4. M. Čagalj, S. Čapkun, and J. Hubaux. Key agreement in peer-to-peer wireless networks. In Proceedings of the IEEE (Special Issue on Cryptography and Security). IEEE, 2006.
5. D. Dolev and A. Yao. On the security of public key protocols. In Information Theory, IEEE Transactions on, volume 29(2), pages 198-208, 1983.
6. I. Flechais. Designing Secure and Usable System. PhD thesis, University of London, 2005.
7. C. Gehrmann, C. J. Mitchell, and K. Nyberg. Manual authentication for wireless devices. In RSA Cryptobytes, volume 7(1), pages 29-37. RSA Security, Spring 2004.
8. M. Goodrich, M. Sirivianos, J. Solis, G. Tsudik, and E. Uzun. Loud and clear: Human-verifiable authentication based on audio. In Proc. 26th IEEE International Conference on Distributed Computing Systems ICDCS 2006, pages 10-10, 04-07 July 2006.
9. B. S. I. Group. Simple pairing white paper. www.bluetooth.com/NR/ rdonlyres/0A0B3F36-D15F-4470-85A6-F2CCFA26F70F/0/SimplePairing WP V10r00.pdf.
10. M. Jakobsson and S. Wetzel. Security weaknesses in bluetooth. In Lecture Notes in Computer Science, volume 2020, pages 176+, 2001.
11. J. Jamaluddin, N. Zotou, and P. Coulton. Mobile phone vulnerabilities: a new generation of malware. Consumer Electronics, 2004 IEEE International Symposium on, pages 199-202, Sept. 1-3, 2004.
12. S. Jeff. and E. Kindlund. How long should a task take? identifying specification limits for task times in usability tests. In In Proceeding of the Human Computer Interaction International Conference HCII 2005), Las Vegas, 2005.
13. A. Kobsa, R. Sonawalla, and G. Tsudik. Serial hook-ups: A comparative usability study of secure device pairing methods. In SOUPS '09: Proceedings of the 5th symposium on Usable privacy and security, 2009.
14. J. R. Lewis. Ibm computer usability satisfaction questionnaires: psychometric evaluation and instructions for use. Int. J. Hum.-Comput. Interact., 7(1):57-78, 1995.
15. J. McCune, A. Perrig, and M. Reiter. Seeing-is-believing: using camera phones for human-verifiable authentication. In Proc. IEEE Symposium on Security and Privacy, pages 110-124, 8-11 May 2005.
16. A. Minke. Conducting repeated measures analyses: Experimental design considerations. Technical report, Annual Meeting of the Southwest Educational Research Association (Austin, TX, January 23-25, 1997), 1997.
17. W. Moncur and G. Lepl̂atre. Pictures at the atm: exploring the usability of multiple graphical passwords. In CHI '07: Proceedings of the SIGCHI conference on Human factors in computing systems, pages 887-894, New York, NY, USA, 2007. ACM.
18. L. H. Nguyen and A. W. Roscoe. Efficient group authentication protocol based on human interaction. In Proceedings of the Workshop on Foundation of Computer Security and Automated Reasoning Protocol Security Analysis (FCS-ARSPA), pages 9-33, 2006.
19. L. H. Nguyen and A. W. Roscoe. Authenticating ad hoc networks by comparison of short digests. In Journal of Information and Computation. Special Issue of Information and Computation on Computer Security: Foundations and Automated Reasoning, 2007.
20. J. Nielsen and J. Levy. Measuring usability: preference vs. performance. Commun. ACM, 37(4):66-75, April 1994.
21. Owen. Zxing: Multi-format 1d/2d barcode image processing library with clients for android, java, and iphone project: http://code.google.com/p/zxing/.
22. A. Perrig and D. Song. Hash visualization: a new technique to improve real-world security. In International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC '99), pages 131-138, 1999.
23. A. W. Roscoe and L. H. Nguyen. Authenticating ad hoc networks by comparison of short digests. Information and Computation, 206:250-271, 2008.
24. J. Sauro and E. Kindlund. A method to standardize usability metrics into a single score. In CHI '05: Proceedings of the SIGCHI conference on Human factors in computing systems, pages 401-409, New York, NY, USA, 2005. ACM.
25. N. Saxena, J.-E. Ekberg, K. Kostiainen, and N. Asokan. Secure device pairing based on a visual channel (short paper). In SP '06: Proceedings of the 2006 IEEE Symposium on Security and Privacy, pages 306-313, Washington, DC, USA, 2006. IEEE Computer Society.
26. B. Schneier. Biometrics: Truths and fictions. Crypto-Gram Newsletter, August 15, 1998.
27. B. Schneier. Security in the real-world: How to evaluate security technology, 1999.
28. F. Stajano and R. Anderson. The resurrecting duckling: security issues for ubiquitous computing. Computer, 35(4):22-26, Part Supplement,&pril 2002.
29. I. Standards. Qrcode standard: Iso/iec18004.
30. S. Systems. Midp specification: http://java.sun.com/products/midp/.
31. E. Uzun, K. Karvonen, and N. Asokan. Usability analysis of secure pairing methods. In Financial Cryptography and Data Security, pages 307-324, 2007.
32. S. Vaudenay. Secure communications over insecure channels based on short authenticated strings. In Lecture Notes in Computer Science, volume 3621, pages 309-326, November 2005.
33. D. Weirich and M. A. Sasse. Pretty good persuasion: a first step towards effective password security in the real world. In NSPW '01: Proceedings of the 2001 workshop on New security paradigms, pages 137-143, New York, NY, USA, 2001. ACM.
34. A. Whitten and J. Tygar. Why johnny can't encrypt: A usability evaluation of pgp 5.0. In Proceedings of the 8th USENIX Security Symposium, August 1999, Washington, pages 169-183, 1999.