SPATE: Small-group PKI-less authenticated trust establishment

IEEE Transactions on Mobile Computing

Volumn 9, Issue 12, 2010, Pages 1666-1681

  Lin, Yue Hsun ^a   Studer, Ahren ^b   Chen, Yao Hsin ^a   Hsiao, Hsu Chun ^b   Kuo, Li Hsiang ^c   McCune, Jonathan M ^b   Wang, King Hang ^a   Krohn, Maxwell ^d   Perrig, Adrian ^b   Yang, Bo Yin ^c   Sun, Hung Min ^a   Lin, Phen Lan ^e   Lee, Jason ^b  

^a NATIONAL TSING HUA UNIVERSITY   (Taiwan)

^b CARNEGIE MELLON UNIVERSITY   (United States)

^c INSTITUTE OF INFORMATION SCIENCE   (Taiwan)

^d Massachusetts Institute of Technology Cambridge   (United States)

^e PROVIDENCE UNIVERSITY   (Taiwan)

Author keywords

Authentication; human factors; security

Indexed keywords

FILE SHARING; HUMAN FACTORS; PHYSICAL INTERACTIONS; PROBABILISTIC GUARANTEES; SECURITY; SMALL GROUPS; SMART-PHONES; TEXT MESSAGING; TRUST ESTABLISHMENT;

AUTHENTICATION; HUMAN ENGINEERING; MOBILE DEVICES; NETWORK SECURITY; PORTABLE EQUIPMENT;

NETWORK PROTOCOLS;

EID: 78049520643     PISSN: 15361233     EISSN: None     Source Type: Journal    
DOI: 10.1109/TMC.2010.150     Document Type: Article

References (60)

1. A. Whitten and J. Tygar, "Why Johnny Can't Encrypt," Proc. USENIX Security Symp., Aug. 1999.
2. S. Sheng, L. Broderick, J. Hyland, and C. Koranda, "Why Johnny Still Can't Encrypt: Evaluating the Usability of Email Encryption Software," Proc. Symp. Usable Privacy and Security, 2006.
3. S. Gaw, E.W. Felten, and P. Fernandez-Kelly, "Secrecy, Flagging, and Paranoia: Adoption Criteria in Encrypted Email," Proc. SIGCHI Conf. Human Factors in Computing Systems, pp. 591-600, 2006.
4. N.S. Good and A. Krekelberg, "Usability and Privacy: A Study of Kazaa P2P File-Sharing," Proc. SIGCHI Conf. Human Factors in Computing Systems (CHI '03), 2003.
5. C. Castelluccia and P. Mutaf, "Shake Them Up! A Movement-Based Pairing Protocol for CPU-Constrained Devices," Proc. ACM/ Usenix MobiSys, 2005.
6. J. Lester, B. Hannaford, and B. Gaetano, "Are You with Me?\-Using Accelerometers to Determine if Two Devices are Carried by the Same Person," Proc. Second Int'l Conf. Pervasive Computing, 2004.
7. C. Soriente, G. Tsudik, and E. Uzun, "BEDA: Button-Enabled Device Association," Proc. Int'l Workshop Security for Spontaneous Interaction (IWSSI), 2007.
8. J.M. McCune, A. Perrig, and M.K. Reiter, "Seeing-Is-Believing: Using Camera Phones for Human-Verifiable Authentication," Proc. IEEE Symp. Security and Privacy, May 2005.
9. C. Soriente, G. Tsudik, and E. Uzun, "HAPADEP: Human Assisted Pure Audio Device Pairing," Proc. Information Security Conf. (ISC), Sept. 2007.
10. C. Ellison and S. Dohrmann, "Public-Key Support for Group Collaboration," ACM Trans. Information and System Security, vol. 6, no. 4, pp. 547-565, 2003.
11. A. Perrig and D. Song, "Hash Visualization: A New Technique to Improve Real-World Security," Proc. Int'l Workshop Cryptographic Techniques and E-Commerce (CrypTEC '99), M. Blum and C. H. Lee, eds., pp. 131-138, Jul. 1999.
12. M. Burmester and Y. Desmedt, "Efficient and Secure Conference Key Distribution," Proc. Int'l Workshop Security Protocols, pp. 119-129, Apr. 1997.
13. S. Capkun, J.-P. Hubaux, and L. Buttyan, "Mobility Helps Security in Ad Hoc Networks," Proc. ACM MobiHoc, 2003.
14. M. Just and S. Vaudenay, "Authenticated Multi-Party Key Agreement," Proc. Advances in Cryptology (ASIACRYPT), pp. 36-49, 1996.
15. Y. Kim, A. Perrig, and G. Tsudik, "Simple and Fault-Tolerant Key Agreement for Dynamic Collaborative Groups," Proc. ACM Conf. Computer and Comm. Security (CCS), pp. 235-244, Nov. 2000.
16. D. Steer, L. Strawczynski, W. Diffie, and M. Wiener, "A Secure Audio Teleconference System," Proc. Advances in Cryptology (Crypto '90), pp. 520-528, 1990.
17. M. Steiner, G. Tsudik, and M. Waidner, "Key Agreement in Dynamic Peer Groups," IEEE Trans. Parallel and Distributed Systems, vol. 11, no. 8, pp. 769-780, Aug. 2000.
18. W.-G. Tzeng and Z. Tzeng, "Round-Efficient Conference-Key Agreement Protocols with Provable Security," Proc. Advances in Cryptology (ASIACRYPT), pp. 614-628, 2000.
19. V.A. Brennen, "The Keysigning Party HOWTO," http://cryptnet. net/fdp/crypto/keysigning-party/en/keysigning-party.html, Jan. 2008.
20. N. Asokan and P. Ginzboorg, "Key-Agreement in Ad-Hoc Networks," Computer Comm., vol. 23, no. 17, pp. 1627-1637, Nov. 2000.
21. D. Balfanz, D.K. Smetters, P. Stewart, and H.C. Wong, "Talking to Strangers: Authentication in Ad-Hoc Wireless Networks," Proc. Ninth Ann. Network and Distributed System Security Symp. (NDSS), 2002.
22. M. Cagalj, S. Capkun, and J.-P. Hubaux, "Key Agreement in Peer-to-Peer Wireless Networks," Proc. IEEE, special issue on cryptography, vol. 94, no. 2, pp. 467-478, Feb. 2006.
23. NFC Forum, "NFC Forum: Specifications," http://www.nfc-forum. org/specs, 2010.
24. F. Stajano and R.J. Anderson, "The Resurrecting Duckling: Security Issues for Ad-Hoc Wireless Networks," Proc. Security Protocols Workshop, pp. 172-194, 1999.
25. E. Uzun, K. Karvonen, and N. Asokan, "Usability Analysis of Secure Pairing Methods," Proc. Int'l Conf. Usable Security (USEC), Feb. 2007.
26. C.-H.O. Chen, C.-W. Chen, C. Kuo, Y.-H. Lai, J.M. McCune, A. Studer, A. Perrig, B.-Y. Yang, and T.-C. Wu, "GAnGS: Gather Authenticate 'n Group Securely," Proc. ACM MobiCom, Sept. 2008.
27. C. Kuo, "Reduction of End User Errors in the Design of Scalable, Secure Communication," PhD dissertation, Carnegie Mellon Univ., 2008.
28. J. Linksky et al., "Simple Pairing Whitepaper, Revision v10r00," http://www.bluetooth.com/NR/rdonlyres/0A0B3F36-D15F-4470-85A6- F2CCFA26F70F/0/SimplePairing-WP-V10r00.pdf, Aug. 2006.
29. S. Laur and K. Nyberg, "Efficient Mutual Data Authentication Using Manually Authenticated Strings," Proc. Cryptology and Network Security (CANS), pp. 90-107, 2006.
30. "Wi-Fi Protected Setup Specification,"WiFi Alliance Document, 2007.
31. B. Ford, J. Strauss, C. Lesniewski-Laas, S. Rhea, F. Kaashoek, and R. Morris, "Persistent Personal Names for Globally Connected Mobile Devices," Proc. Seventh USENIX Symp. Operating Systems Design and Implementation (OSDI), Nov. 2006.
32. M.T. Goodrich, M. Sirivianos, J. Solis, G. Tsudik, and E. Uzun, "Loud and Clear: Human-Verifiable Authentication Based on Audio," Proc. Int'l Conf. Distributed Computing (ICDCS), p. 10, 2006.
33. C. Glasbey, G. van der Heijden, V.F.K. Toh, and A. Gray, "Colour Displays for Categorical Images," Color Research and Application, vol. 32, no. 4, pp. 304-309, June 2007.
34. S. Vaudenay, "Secure Communications over Insecure Channels Based on Short Authenticated Strings," Proc. Advances in Cryptol-ogy (Crypto), pp. 309-326, 2005.
35. L.E. Holmquist, F. Mattern, B. Schiele, P. Alahuhta, M. Beigl, and H.-W. Gellersen, "Smart-Its Friends: A Technique for Users to Easily Establish Connections between Smart Artefacts," Proc. Int'l Symp. Ubiquitous Computing (Ubicomp), 2001.
36. J. Valkonen, N. Asokan, and K. Nyberg, "Ad Hoc Security Associations for Groups," Proc. Security and Privacy in Ad-Hoc and Sensor Networks (ESAS), pp. 150-164, 2006.
37. M. Abdalla, E. Bresson, O. Chevassut, and D. Pointcheval, "Password-Based Group Key Exchange in a Constant Number of Rounds," Proc. Public Key Cryptography (PKC), pp. 427-442, 2006.
38. A. Shamir, "Identity-Based Cryptosystems and Signature Schemes," Proc. Advances in Cryptology, pp. 47-53, 1984.
39. D. Boneh and M. Franklin, "Identity-Based Encryption from the Weil Pairing," Proc. Advances in Cryptology (CRYPTO '01), pp. 213-229, 2001.
40. S.N. Foley and J. Jacob, "Specifying Security for CSCW Systems," Proc. Eighth IEEE Workshop Computer Security Foundations, 1995.
41. M. Blum, "Coin Flipping by Telephone," Proc. Advances in Cryptography, pp. 11-15, Aug. 1982.
42. M. Jakobsson, "Issues in Security and Privacy," Lecture Slides, http://www.informatics.indiana.edu/markus/i400, 2006.
43. Y.-H. Lin, A. Studer, H.-C. Hsiao, J.M. McCune, K.-H. Wang, M. Krohn, P.-L. Lin, A. Perrig, H.-M. Sun, and B.-Y. Yang, "SPATE: Small-Group PKI-Less Authenticated Trust Establishment," Proc. ACM MobiSys, June 2009.
44. T. Howes and M. Smith, "A MIME Content-Type for Directory Information," IETF RFC 2425, Sept. 1998.
45. Mozilla Thunderbird 2 http://www.mozilla.com/en-US/ thunderbird Dec. 2008.
46. B. Cohen, "Bittorrent," http://www.bittorrent.com, Apr. 2001.
47. D. Houston and A. Ferdowsi, "Dropbox," https://www.getdrop box.com, Sept. 2008.
48. N. Zennström, J. Friis, and P. Kasesalu, "KaZaA Media Desktop," http://www.kazaa.com, Mar. 2001.
49. M. Szeredi, "SSH Filesystem," http://fuse.sourceforge.net/ sshfs. html, Jan. 2005.
50. MDA: Mobile Data Assoc. The Q1 2008 UK Mobile Trends Report http://www.swiftcrm.net/MDA-Q1-2008-UK-mobile- report.pdf 2009.
51. A. Grillo, A. Lentini, G. Me, and G.F. Italiano, "Transaction Oriented Text Messaging with Trusted-SMS," Proc. Ann. Computer Security Applications Conf., pp. 485-494, 2008.
52. Kryptext Kryptext\-Offers Software to Encrypt SMS Text Messages from Mobile to PC http://www.kryptext.co.uk 2010.
53. CryptoSMS, CryptoSMS\-Protecting Your Confidential SMS Messages http://www.cryptosms.com, 2008.
54. D. Scott, R. Sharp, A. Madhavapeddy, and E. Upton, "Using Visual Tags to Bypass Bluetooth Device Discovery," ACM Mobile Computer Comm. Rev., vol. 9, no. 1, pp. 41-53, Jan. 2005.
55. M. Rohs and B. Gfeller, "Using Camera-Equipped Mobile Phones for Interacting with Real-World Objects," Proc. Advances in Pervasive Computing, pp. 265-271, Apr. 2004.
56. M.J. Cox and R.S. Engelschall, "OpenSSL: Open Source Toolkit Implementing for SSL/TLS," http://www.openssl.org, May 1999.
57. B. Ramsdell, "Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 Message Specification," IETF RFC 3851, July 2004.
58. Scponly http://sublimation.org/scponly 2009.
59. M. Bellare and C. Namprempre, "Authenticated Encryption: Relations Among Notions and Analysis of the Generic Composition Paradigm," Proc. Advances in Cryptology (ASIACRYPT '00), pp. 531-545, 2000.
60. H. Krawczyk, "The Order of Encryption and Authentication for Protecting Communications (Or: How Secure is SSL?)," Proc. Advances in Cryptology (CRYPTO '01), pp. 310-331, 2001.