ABSTRACT
Ad-hoc interactions between devices over wireless networks present a security problem: the generation of shared secrets to initialize secure communication over a medium that is inherently vulnerable to various attacks. However, these scenarios can also build on physical security of spaces by using protocols in which users visibly demonstrate their presence to generate an association. As a consequence, secure device pairing has received significant attention. A plethora of schemes and protocols have been proposed, which use various forms of out-of-band exchange to form an association between two devices. These protocols and schemes have different strengths and weaknesses -- often in hardware requirements, strength against various attacks or usability in particular scenarios. From ordinary user's point of view, the problem then becomes which to choose or which is the best possible scheme in a particular scenario. This problem could be relieved by automation. We advocate that the integration of a discovery mechanism, several pairing schemes and a selection protocol into a single system is more efficient for users. In this paper, we present such a system along with its implementation details.
- Malkani, Y. A., D. Chalmers, and I. Wakeman, Secure Device Association: Trends and Issues, in Security of Self-Organizing Networks: MANET, WSN, WMN, VANET, A.-S.K. Pathan, Editor. October 2010, Auerbach Publication: CRC Press, Taylor & Francis Group, USA.Google Scholar
- Malkani, Y. A., et al., Towards a General System for Secure Device Pairing by Demonstration of Physical Proximity, in MWNS-09 co-located with IFIP Networking 2009 Conference, Shaker Verlag: Aachen, Germany. ISBN: 978-3-8322-8177-9. p. 13--24.Google Scholar
- Spahic, A., et al., Pre-Authentication using Infrared Privacy, Security, and Trust Within the Context of Pervasive Computing, 2005. Vol. 780: p. 105--112.Google Scholar
- Balfanz, D., et al. Talking to strangers: Authentication in adhoc wireless networks. in Symposium on Network and Distributed Systems Security (NDSS '02). 2002.Google Scholar
- Mayrhofer, R., M. Hazas, and H. Gellersen, An authentication protocol using ultrasonic ranging: Technical Report. 2006, Lancaster University.Google Scholar
- Mayrhofer, R. and H. Gellersen. On the Security of Ultrasound as Out-of-band Channel. in IEEE Symposium on Parallel and Distributed Processing (IPDPS'07), 2007.Google ScholarCross Ref
- Mayrhofer, R. and M. Welch. A Human-Verifiable Authentication Protocol Using Visible Laser Light. in 2nd Int. Conf. on Availability, Reliability and Security(ARES'07). 2007. Google ScholarDigital Library
- Holmquist, L. E., et al., Smart-Its Friends: A Technique for Users to Easily Establish Connections between Smart Artefacts, in Proceedings of the 3rd international conference on Ubiquitous Computing. 2001, Springer Verlag: Atlanta, Georgia, USA. Google ScholarDigital Library
- Mayrhofer, R. and H. Gellersen, Shake Well Before Use: Authentication Based on Accelerometer Data, in 5th Int. Conf. on Pervasive Computing (Pervasive 2007). 2007. Google ScholarDigital Library
- Kirovski, D., M. Sinclair, and D. Wilson, The Martini Synch: Joint Fuzzy Hashing Via Error Correction, in Security and Privacy in Ad-hoc and Sensor Networks. 2007. p. 16--30. Google ScholarDigital Library
- McCune, J. M., A. Perrig, and M. K. Reiter, Seeing-is-believing: using camera phones for human-verifiable authentication. Security and Privacy, 2005 IEEE Symposium on, 2005: p. 110--124. Google ScholarDigital Library
- Saxena, N. and M. Uddin, Automated Device Pairing for Asymmetric Pairing Scenarios, in Information and Communications Security. 2008. p. 311--327. Google ScholarDigital Library
- Soriente, C., G. Tsudik, and E. Uzun. BEDA: Button-Enabled Device Association. in Internation Workshop on Security and Spontaneous Interaction (IWSSI 2007). 2007.Google Scholar
- Soriente, C., G. Tsudik, and E. Uzun (2007) HAPADEP: Human Asisted Pure Audio Device Pairing. Cryptology ePrint Archive, Report 2007/093.Google Scholar
- Goodrich, M. T., et al. Loud and Clear: Human-Verifiable Authentication Based on Audio. in 26th IEEE Int. Conf. on Distributed Computing Systems, ICDCS'06. 2006. Google ScholarDigital Library
- Castelluccia, C. and P. Mutaf, Shake them up!: a movement-based pairing protocol for CPU-constrained devices, in Proc. of the 3rd Int. Conf. on Mobile Systems, Applications, and Services. 2005, ACM: Seattle, Washington. Google ScholarDigital Library
- Varshavsky, A., et al., Amigo: Proximity-Based Authentication of Mobile Devices, in UbiComp 2007: Ubiquitous Computing. 2007. p. 253--270. Google ScholarDigital Library
- Gehrmann, C. and C. J. Mitchell, Manual Authentication for Wireless Devices. RSA Cryptobytes, 2004. Vol. 7(1): p. 29--37.Google Scholar
- Stajano, F. and R. Anderson, The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks, in Security Protocols. 2000. p. 172--182. Google ScholarDigital Library
- Saxena, N., et al., Secure Device Pairing based on a Visual Channel. sp, 2006. 0: p. 306--313. Google ScholarDigital Library
- Schneier, B., Applied Cryptography: Protocols, Algorithms and Source Code in C. 2nd ed. 1996. Google ScholarDigital Library
- Phidgets: Products for USB Sensing and Control. 2010.Google Scholar
- Oracle Berkeley DB XML. {cited April, 2010}; Available from: http://www.oracle.com/database/berkeley-db/xml/index.html.Google Scholar
- Mimaroglu, S. Java Programming with Berkeley DBXML. 2010 {cited April, 2010}; Available from: http://linux.sys-con.com/node/175405.Google Scholar
- Reynolds, F., et al., Composite Capability / Preference Profiles (CC/PP): A User Side Framework for Content Negotiation, W3C NOTE-CCPP-19990727, July 1999, url: http://www.w3.org/TR/NOTE-CCPP/.Google Scholar
Index Terms
- A framework for secure device pairing by demonstration of physical proximity
Recommendations
A short redactable signature scheme using pairing
Redactable signature schemes permit deletion of arbitrary substrings of a signed document while preserving the authenticity of the remaining document. Most of known redactable signatures based on pairing have large-sized signatures and the sizes depend ...
Provably secure certificate-based signature scheme without pairings
In order to simplify certificate management in traditional public key cryptography and solve the key escrow problem in identity-based cryptography, the notion of certificate-based cryptography was introduced. Recently, Ming and Wang proposed a ...
One-shot Pairing and Authentication Using Moms Secret
WWW '24: Companion Proceedings of the ACM on Web Conference 2024The existing pairing and authentication mechanisms adopt either fuzzy commitment or fuzzy password-authenticated key exchange for device fingerprint generation, detecting and correcting multiple symbol errors, leading to guessing attacks and increased ...
Comments