DOI: 10.1145/1837110.1837117
research-article

Two heads are better than one: security and usability of device associations in group scenarios

Published: 14 July 2010

Abstract

We analyse and evaluate the usability and security of the process of bootstrapping security among devices in group scenarios. While a lot of work has been done in single user scenarios, we are not aware of any that focusses on group situations. Unlike in single user scenarios, bootstrapping security in a group requires coordination, attention, and cooperation of all group members. In this paper, we provide an analysis of the security and usability of bootstrapping security in group scenarios and present the results of a usability study on these scenarios. We also highlight crucial factors necessary for designing for secure group interactions.

    Published In

    SOUPS '10: Proceedings of the Sixth Symposium on Usable Privacy and Security
    July 2010
    236 pages
    ISBN:9781450302647
    DOI:10.1145/1837110

    Sponsors

    • Carnegie Mellon University

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. device association
    2. group interactions
    3. security protocols
    4. usability

    Qualifiers

    • Research-article

    Conference

    SOUPS '10
    Sponsor:
    • Carnegie Mellon University
    SOUPS '10: Symposium on Usable Privacy and Security
    July 14 - 16, 2010
    Washington, Redmond, USA

    Acceptance Rates

    Overall Acceptance Rate 15 of 49 submissions, 31%

    Cited By

    • (2024) Sounds Good? Fast and Secure Contact Exchange in Groups. Proceedings of the ACM on Human-Computer Interaction, 8:CSCW2 (1-44). DOI: 10.1145/3686964. Online publication date: 8-Nov-2024
    • (2019) Usability analysis of shared device ecosystem security. Proceedings of the New Security Paradigms Workshop (1-15). DOI: 10.1145/3368860.3368861. Online publication date: 23-Sep-2019
    • (2018) Survey and Systematization of Secure Device Pairing. IEEE Communications Surveys & Tutorials, 20:1 (517-550). DOI: 10.1109/COMST.2017.2748278. Online publication date: Sep-2019
    • (2017) An Exploration of the Effects of Sensory Stimuli on the Completion of Security Tasks. IEEE Security & Privacy, 15:6 (52-60). DOI: 10.1109/MSP.2017.4251110. Online publication date: Nov-2017
    • (2016) Identifying Parent's Security Requirements for Web Filtering in MOOCs for Kids. User-Centered Design Strategies for Massive Open Online Courses (MOOCs) (48-66). DOI: 10.4018/978-1-4666-9743-0.ch004. Online publication date: 2016
    • (2016) Natural group binding and cross-display object movement methods for wearable devices. Proceedings of the 18th International Conference on Human-Computer Interaction with Mobile Devices and Services (206-216). DOI: 10.1145/2935334.2935346. Online publication date: 6-Sep-2016
    • (2015) Connecting devices for collaborative interactions. Interactions, 22:4 (39-43). DOI: 10.1145/2776887. Online publication date: 25-Jun-2015
    • (2015) Checksum gestures. Proceedings of the 2015 ACM International Joint Conference on Pervasive and Ubiquitous Computing (391-401). DOI: 10.1145/2750858.2807521. Online publication date: 7-Sep-2015
    • (2015) A Study of IEEE 802.15.6 Association Protocols. Proceedings of the 2015 IEEE Trustcom/BigDataSE/ISPA - Volume 01 (848-855). DOI: 10.1109/Trustcom.2015.456. Online publication date: 20-Aug-2015
    • (2014) FlexiGroups. Proceedings of the 16th international conference on Human-computer interaction with mobile devices & services (369-378). DOI: 10.1145/2628363.2628376. Online publication date: 23-Sep-2014
