Serial hook-ups: A comparative usability study of secure device pairing methods

SOUPS 2009 - Proceedings of the 5th Symposium On Usable Privacy and Security

Volumn , Issue , 2009, Pages

  Kobsa, Alfred ^a   Sonawalla, Rahim ^a   Tsudik, Gene ^b   Uzun, Ersin ^b   Wang, Yang ^a  

^a Ringgold Standard Institution Informatics   (United States)

^b Irvine   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

AUXILIARY CHANNEL; COMPARATIVE STUDIES; DEVICE CONFIGURATIONS; DEVICE PAIRING; PRIOR EXPERIENCE; SECURE COMMUNICATIONS; SECURE DEVICE PAIRING; SECURITY CONTEXT; SYSTEM USABILITY; TASK PERFORMANCE; TRUST INFRASTRUCTURE; USABILITY STUDIES; USER ASSISTANCE; WIRELESS CHANNEL; WIRELESS COMMUNICATIONS;

EID: 70350738597     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1572532.1572546     Document Type: Conference Paper

References (34)

1. D. Balfanz, G. Durfee, R. Grinter, D. Smetters, and P. Stewart. Network-in-a-Box: how to set up a secure wireless network in under a minute. In USENIX Security, pages 207-222, 2004.
2. D. Balfanz, D. Smetters, P. Stewart, and H. Wong. Talking to strangers: Authentication in ad-hoc wireless networks. In Network and Distributed System Security Symposium (NDSS), 2002.
3. A. Bangor, P. T. Kortum, and J. T. Miller. An empirical evaluation of the system usability scale. International Journal of Human-Computer Interaction, 24(6):574{594, 2008. DOI 10.1080/10447310802205776.
4. V. Boyko, P. MacKenzie, and S. Patel. Provably secure password-authenticated key exchange using di e-hellman. In Advances in Cryptology-Eurocrypt, pages 156{171. Springer, 2000.
5. J. Brooke. SUS: a "quick and dirty" usability scale. In P. W. Jordan, B. Thomas, B. A. Weerdmeester, and A. L. McClelland, editors, Usability Evaluation in Industry. Taylor and Francis, London, 1996.
6. J. Cohen, P. Cohen, S. G. West, and L. S. Aiken. Applied multiple regression/correlation analysis for the behavioral sciences. Lawrence Erlbaum Associates, Hillsdale, NJ, 1983.
7. C. M. Ellison and S. Dohrmann. Public-key support for group collaboration. ACM Transactions on Information and System Security (TISSEC), 6(4):547{565, 2003.
8. E. Frøkjr, M. Hertzum, and K. Hornbæk. Measuring usability: are effectiveness, efficiency, and satisfaction really correlated? In CHI '00: Proceedings of the SIGCHI conference on Human factors in computing systems, pages 345-352, 2000.
9. C. Gehrmann, C. J. Mitchell, and K. Nyberg. Manual authentication for wireless devices. RSA CryptoBytes, 7(1):29-37, 2004.
10. I. Goldberg. Visual key fingerprint code. http://www.cs.berkeley.edu/ iang/visprint.c, 1996.
11. M. T. Goodrich, M. Sirivianos, J. Solis, G. Tsudik, and E. Uzun. Loud and clear: Human-verifiable authentication based on audio. In ICDCS '06: Proceedings of the 26th IEEE International Conference on Distributed Computing Systems, page 10, 2006.
12. Y. Hochberg and A. C. Tamhane. Multiple Comparison Procedures. Wiley, New York, 1987.
13. L. Holmquist, F. Mattern, B. Schiele, P. Alahuhta, M. Beigl, and H. Gellersen. Smart-its friends: A technique for users to easily establish connections between smart artefacts. In Ubiquitous Computing (UbiComp), pages 116-122, London, UK, 2001. Springer-Verlag.
14. R. Kainda, I. Flechais, and A. W. Roscoe. Usability and security of out-of-band channels in secure device pairing protocols. In 2009 Symposium On Usable Privacy and Security (SOUPS), Mountain View, CA (this volume), 2009.
15. T. Kindberg and K. Zhang. Validating and securing spontaneous associations between wireless devices. In Information Security Conference (ISC), pages 44-53, 2003.
16. K. Kostiainen. Personal Communication, Mar 2008.
17. K. Kostiainen and E. Uzun. Framework for comparative usability testing of distributed applications. In Security User Studies: Methodologies and Best Practices Workshop, 2007.
18. A. Kumar, N. Saxena, G. Tsudik, and E. Uzun. Caveat Emptor: A Comparative Study of Secure Device Pairing Methods. In IEEE International Conference on Pervasive Computing and Communications (IEEE PerCom'09), 2009.
19. S. Laur and K. Nyberg. E cient mutual data authentication using manually authenticated strings. In International Conference on Cryptology and Network Security (CANS), volume 4301, pages 90{107, 2006.
20. R. Mayrhofer and H. Gellersen. Shake well before use: Authentication based on accelerometer data. In Pervasive Computing (PERVASIVE), pages 144{161.
21. R. Mayrhofer and M. Welch. A human-verifiable authentication protocol using visible laser light. In International Conference on Availability, Reliability and Security (ARES), pages 1143-1148, 2007.
22. J. McCune, A. Perrig, and M. Reiter. Seeing-Is-Believing: using camera phones for human-verifiable authentication. In Proceedings of the 2005 IEEE Symposium on Security and Privacy, pages 110-124, 2005.
23. J. M. McCune. Personal Communication, Mar 2008.
24. S. Pasini and S. Vaudenay. SAS-Based Authenticated Key Agreement. In Public key cryptography-PKC 2006: 9th International Conference on Theory And Practice in Public-Key Cryptography, pages 395-409, 2006.
25. A. Perrig and D. Song. Hash visualization: a new technique to improve real-world security. In International Workshop on Cryptographic Techniques and E-Commerce, 1999.
26. R. Prasad and N. Saxena. E cient device pairing using "human-comparable" synchronized audiovisual patterns. In Conference on Applied Cryptography and Network Security (ACNS), pages 328-345, 2008.
27. N. Saxena, J. Ekberg, K. Kostiainen, and N. Asokan. Secure device pairing based on a visual channel. In 2006 IEEE Symposium on Security and Privacy, pages 306-313, 2006.
28. N. Saxena and M. B. Uddin. Automated device pairing for asymmetric pairing scenarios. In Information and Communications Security (ICICS), pages 311-327, 2008.
29. C. Soriente, G. Tsudik, and E. Uzun. BEDA: button-enabled device association. In UbiComp Workshop Proceedings: International Workshop on Security for Spontaneous Interaction (IWSSI), 2007.
30. C. Soriente, G. Tsudik, and E. Uzun. HAPADEP: human-assisted pure audio device pairing. In Information Security, pages 385-400, 2008.
31. F. Stajano and R. J. Anderson. The resurrecting duckling: Security issues for ad-hoc wireless networks. In Security Protocols Workshop, 1999.
32. J. Suomalainen, J. Valkonen, and N. Asokan. Security associations in personal networks: A comparative analysis. In F. Stajano, C. Meadows, S. Capkun, and T. Moore, editors, Security and Privacy in Ad-hoc and Sensor Networks Workshop (ESAS), pages 43-57, 2007.
33. E. Uzun, K. Karvonen, and N. Asokan. Usability analysis of secure pairing methods. In Financial Cryptography and Data Security (FC'07) & Usable Security (USEC'07), pages 307-324, 2007.
34. S. Vaudenay. Secure communications over insecure channels based on short authenticated strings. In Advances in Cryptology-CRYPTO, pages 309-326, 2005.