DOI: 10.1145/1408664.1408672
research-article

Universal device pairing using an auxiliary device

Published: 23 July 2008

Abstract

The operation of achieving authenticated key agreement between two human-operated devices over a short-range wireless communication channel (such as Bluetooth or WiFi) is referred to as "Pairing". The devices in such a scenario are ad hoc in nature, i.e., they can neither be assumed to have a prior context (such as pre-shared secrets) with each other nor do they share a common trusted on- or off-line authority. However, the devices can generally be connected using auxiliary physical channel(s) (such as audio, visual, etc.) that can be authenticated by the device user(s) and thus form a basis for pairing.
One of the main challenges of secure device pairing is the lack of good quality output interfaces as well as corresponding receivers on devices. In [13], we presented a pairing scheme which is universally applicable to any pair of devices (such as a WiFi AP and a laptop, a Bluetooth keyboard and a desktop, etc.). The scheme is based upon the device user(s) comparing short and simple synchronized audiovisual patterns, such as "beeping" and "blinking". In this paper, we automate the (manual) scheme of [13] by making use of an auxiliary, commonly available device such as a personal camera phone. Based on a preliminary user study we conducted, we show that the automated scheme is generally faster and more user-friendly relative to the manual scheme. More importantly, the proposed scheme turns out to be quite accurate in the detection of any possible attacks.

References

[1] D. Balfanz, D. Smetters, P. Stewart, and H. C. Wong. Talking to strangers: Authentication in ad-hoc wireless networks. In Network and Distributed System Security Symposium (NDSS), 2002.
[2] M. Burnside, D. Clarke, B. Gassend, T. Kotwal, S. Devadas, and R. Rivest. The untrusted computer problem and camera-based authentication. In Pervasive Computing (Pervasive), 2002.
[3] R. Canetti and H. Krawczyk. Analysis of key-exchange protocols and their use for building secure channels. In EUROCRYPT, 2001.
[4] J. D. Foley and V. D. Andries. Fundamentals of Interactive Computer Graphics. 2nd Edition. Addison-Wesley, Reading, Massachusetts U.S.A., 1990.
[5] E. Gieseke and J. McLaughlin. Secure web authentication with mobile phones using keyed hash authentication. CSCI E 170 Final Project, Harvard University Extension, 2005.
[6] I. Goldberg. Visual Key Fingerprint Code, 1996. http://www.cs.berkeley.edu/iang/visprint.c.
[7] M. T. Goodrich, M. Sirivianos, J. Solis, G. Tsudik, and E. Uzun. Loud and Clear: Human-Verifiable Authentication Based on Audio. In International Conference on Distributed Computing Systems (ICDCS), 2006.
[8] S. Laur, N. Asokan, and K. Nyberg. Efficient mutual data authentication based on short authenticated strings. IACR Cryptology ePrint Archive: Report 2005/424, 2005.
[9] A. Madhavapeddy, D. Scott, R. Sharp, and E. Upton. Using camera-phones to enhance human-computer interaction. In Ubiquitous Computing (Adjunct Proceedings: Demos), 2004.
[10] J. M. McCune, A. Perrig, and M. K. Reiter. Seeing-is-believing: Using camera phones for human-verifiable authentication. In IEEE Symposium on Security and Privacy, 2005.
[11] S. Pasini and S. Vaudenay. SAS-Based Authenticated Key Agreement. In Theory and Practice of Public-Key Cryptography (PKC), 2006.
[12] A. Perrig and D. Song. Hash visualization: a new technique to improve real-world security. In Cryptographic Techniques and E-Commerce (CrypTEC), 1999.
[13] R. Prasad and N. Saxena. Efficient device pairing using human-comparable synchronized audiovisual patterns. In Applied Cryptography and Network Security (ACNS), to appear, 2008.
[14] V. Roth, W. Polak, E. Rieffel, and T. Turner. Simple and effective defenses against evil twin access points. In ACM Conference on Wireless Network Security (WiSec), short paper, 2008.
[15] N. Saxena, J.-E. Ekberg, K. Kostiainen, and N. Asokan. Secure device pairing based on a visual channel. In IEEE Symposium on Security and Privacy, short paper, 2006.
[16] N. Saxena and M. B. Uddin. Device pairing using unidirectional physical channels. In Mobile and Wireless Networks Security (MWNS), 2008.
[17] C. Soriente, G. Tsudik, and E. Uzun. BEDA: Button-Enabled Device Association. In International Workshop on Security for Spontaneous Interaction (IWSSI), 2007.
[18] C. Soriente, G. Tsudik, and E. Uzun. Hapadep: Human assisted pure audio device pairing. Cryptology ePrint Archive, Report 2007/093, 2007.
[19] F. Stajano and R. J. Anderson. The resurrecting duckling: Security issues for ad-hoc wireless networks. In Security Protocols Workshop, 1999.
[20] J. Suomalainen, J. Valkonen, and N. Asokan. Security associations in personal networks: A comparative analysis. In European Workshop on Security and Privacy in Ad hoc and Sensor Networks (ESAS), 2007.
[21] E. Uzun, K. Karvonen, and N. Asokan. Usability analysis of secure pairing methods. In Usable Security (USEC), 2007.
[22] S. Vaudenay. Secure communications over insecure channels based on short authenticated strings. In International Cryptology Conference (CRYPTO), 2005.
[23] M. Wu, S. Garfinkel, and R. Miller. Secure web authentication with mobile phones. http://dimacs.rutgers.edu/Workshops/Tools/abstract-wu-garfinkel-miller.pdf.



      Published In

      SOUPS '08: Proceedings of the 4th symposium on Usable privacy and security
      July 2008
      145 pages
      ISBN:9781605582764
      DOI:10.1145/1408664
      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

      Publisher

      Association for Computing Machinery

      New York, NY, United States


      Author Tags

      1. authentication
      2. distributed protocols
      3. mobile/ad-hoc systems
      4. security

      Qualifiers

      • Research-article

      Conference

      SOUPS '08
      SOUPS '08: The fourth Symposium on Usable Privacy and Security
      July 23 - 25, 2008
      Pennsylvania, Pittsburgh, USA

      Acceptance Rates

      Overall Acceptance Rate 15 of 49 submissions, 31%


      Cited By

      • (2019) Challenges to be addressed to realize Internet of Things solutions for smart environments. Future Generation Computer Systems. DOI: 10.1016/j.future.2019.09.033. Online publication date: Sep-2019
      • (2016) Out-of-Band Covert Channels—A Survey. ACM Computing Surveys 49:2 (1-36). DOI: 10.1145/2938370. Online publication date: 30-Jun-2016
      • (2016) MagPairing: Pairing Smartphones in Close Proximity Using Magnetometers. IEEE Transactions on Information Forensics and Security 11:6 (1306-1320). DOI: 10.1109/TIFS.2015.2505626. Online publication date: Jun-2016
      • (2016) Flashing displays. Security and Communication Networks 9:10 (1050-1071). DOI: 10.1002/sec.1400. Online publication date: 10-Jul-2016
      • (2015) Checksum gestures. Proceedings of the 2015 ACM International Joint Conference on Pervasive and Ubiquitous Computing (391-401). DOI: 10.1145/2750858.2807521. Online publication date: 7-Sep-2015
      • (2014) A Survey of User Interaction for Spontaneous Device Association. ACM Computing Surveys 47:1 (1-40). DOI: 10.1145/2597768. Online publication date: 1-May-2014
      • (2014) MagPairing: Exploiting magnetometers for pairing smartphones in close proximity. 2014 IEEE Conference on Communications and Network Security (445-453). DOI: 10.1109/CNS.2014.6997514. Online publication date: Oct-2014
      • (2012) Secure Initialization of Multiple Constrained Wireless Devices for an Unaided User. IEEE Transactions on Mobile Computing 11:2 (337-351). DOI: 10.1109/TMC.2011.35. Online publication date: 1-Feb-2012
      • (2012) Topology-Driven Secure Initialization in Wireless Sensor Networks. Proceedings of the 2012 Seventh International Conference on Availability, Reliability and Security (28-37). DOI: 10.1109/ARES.2012.36. Online publication date: 20-Aug-2012
      • (2012) Usability classification for spontaneous device association. Personal and Ubiquitous Computing 16:1 (77-89). DOI: 10.1007/s00779-011-0421-1. Online publication date: 1-Jan-2012
