skip to main content
10.1145/1837110.1837118acmotherconferencesArticle/Chapter ViewAbstractPublication PagessoupsConference Proceedingsconference-collections
research-article

Influence of user perception, security needs, and social factors on device pairing method choices

Published: 14 July 2010 Publication History

Abstract

Recent years have seen a proliferation of secure device pairing methods that try to improve both the usability and security of today's de-facto standard -- PIN-based authentication. Evaluating such improvements is difficult. Most comparative laboratory studies have so far mainly focused on completeness, trying to find the single best method among the dozens of proposed approaches -- one that is both rated the most usable by test subjects, and which provides the most robust security guarantees. This search for the "best" pairing method, however, fails to take into account the variety of situations in which such pairing protocols may be used in real life. The comparative study reported here, therefore, explicitly situates pairing tasks in a number of more realistic situations. Our results indicate that people do not always use the easiest or most popular method -- they instead prefer different methods in different situations, based on the sensitivity of data involved, their time constraints, and the social conventions appropriate for a particular place and setting. Our study also provides qualitative data on factors influencing the perceived security of a particular method, the users' mental models surrounding security of a method, and their security needs.

References

[1]
Bump. http://bu.mp/.
[2]
R. Adelmann, M. Langheinrich, and C. Floerkemeier. Toolkit for bar code recognition and resolving on camera phones -- jump starting the internet of things. In GI Jahrestagung (2), pages 366--373, 2006.
[3]
D. Balfanz, G. Durfee, R. E. Grinter, D. K. Smetters, and P. Stewart. Network-in-a-box: how to set up a secure wireless network in under a minute. In SSYM'04: Proceedings of the 13th conference on USENIX Security Symposium, pages 15--15, Berkeley, CA, USA, 2004. USENIX Association.
[4]
L. Bauer, L. F. Cranor, M. K. Reiter, and K. Vaniea. Lessons learned from the deployment of a smartphone-based access-control system. In SOUPS '07: Proceedings of the 3rd Symposium on Usable Privacy and Security, pages 64--75, July 2007.
[5]
Bluetooth SIG. Bluetooth Special Interest Group. Simple Pairing Whitepaper (Revision V10r00), 2006.
[6]
S. Drimer and S. J. Murdoch. Keep your enemies close: distance bounding against smartcard relay attacks. In SS'07: Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium, pages 1--16, Berkeley, CA, USA, 2007. USENIX Association.
[7]
C. Gehrmann and K. Nyberg. Enhancements to Bluetooth baseband security. In Proceedings of Nordsec 2001, 2001.
[8]
C. Gehrmann and K. Nyberg. Manual authentication for wireless devices. RSA Cryptobytes, 7:2004, 2004.
[9]
M. T. Goodrich, M. Sirivianos, J. Solis, G. Tsudik, and E. Uzun. Loud and clear: Human-verifiable authentication based on audio. In ICDCS '06: Proceedings of the 26th IEEE International Conference on Distributed Computing Systems, page 10, Washington, DC, USA, 2006. IEEE Computer Society.
[10]
R. Kainda, I. Flechais, and A. W. Roscoe. Usability and security of out-of-band channels in secure device pairing protocols. In SOUPS, 2009.
[11]
R. Kainda, I. Flechais, and A. W. Roscoe. Two heads are better than one: Security and usability of device associations in group scenarios. In SOUPS, 2010.
[12]
A. Kobsa, R. Sonawalla, G. Tsudik, E. Uzun, and Y. Wang. Serial hook-ups: a comparative usability study of secure device pairing methods. In SOUPS, 2009.
[13]
A. Kumar, N. Saxena, G. Tsudik, and E. Uzun. Caveat emptor: A comparative study of secure device pairing methods. In PerCom, pages 1--10, 2009.
[14]
A. Kumar, N. Saxena, G. Tsudik, and E. Uzun. A comparative study of secure device pairing methods. Pervasive Mob. Comput., 5(6):734--749, 2009.
[15]
A. Kumar, N. Saxena, and E. Uzun. Alice meets bob: A comparative usability study of wireless device pairing methods for a "two-user" setting. CoRR, abs/0907.4743, 2009.
[16]
S. Laur and K. Nyberg. Efficient mutual data authentication using manually authenticated strings. In CANS, pages 90--107, 2006.
[17]
J. M. McCune, A. Perrig, and M. K. Reiter. Seeing-is-believing: Using camera phones for human-verifiable authentication. In Proc. IEEE Symp. on Security and Privacy, pages 110--124, 2005.
[18]
U. Rashid and A. J. Quigley. Interaction techniques for binding smartphones: A desirability evaluation. In Human Centered Design -- First International Conference, HCD 2009, Held as Part of HCI International 2009, San Diego, CA, USA, July 19--24, 2009 Proceedings, pages 120--128, 2009.
[19]
J. Rekimoto. Synctap: synchronous user operation for spontaneous network connection. Personal Ubiquitous Comput., 8(2):126--134, 2004.
[20]
C. Soriente, G. Tsudik, and E. Uzun. BEDA: Button-enabled device pairing. In Proc. IWSSI 2007, pages 443--449, September 2007.
[21]
C. Soriente, G. Tsudik, and E. Uzun. HAPADEP: Human asisted pure audio device pairing. Cryptology ePrint Archive, Report 2007/093, March 2007.
[22]
J. Suomalainen, J. Valkonen, and N. Asokan. Security associations in personal networks: A comparative analysis. In Proc. ESAS 2007, pages 43--57. Springer-Verlag, 2007.
[23]
E. Uzun, K. Karvonen, and N. Asokan. Usability analysis of secure pairing methods. In Proc. USEC 2007: Usable Security, February 2007.
[24]
J. Valkonen, A. Toivonen, and K. Karvonen. Usability testing for secure device pairing in home networks. In Proc. IWSSI 2007, pages 457--462, September 2007.
[25]
M. Čagalj, S. Čapkun, and J.-P. Hubaux. Key agreement in peer-to-peer wireless networks. Proceedings of the IEEE (Special Issue on Cryptography and Security), 94(2):467--478, Feb. 2006.
[26]
Wi-fi. Wi-fi alliance announces groundbreaking specification to support direct wi-fi connections between devices. http://www.wi-fi.org/news_articles.php?f=media_news&news_id=909, October 14, 2009.

Cited By

View all
  • (2024)Sounds Good? Fast and Secure Contact Exchange in GroupsProceedings of the ACM on Human-Computer Interaction10.1145/36869648:CSCW2(1-44)Online publication date: 8-Nov-2024
  • (2022)“Nah, it’s just annoying!” A Deep Dive into User Perceptions of Two-Factor AuthenticationACM Transactions on Computer-Human Interaction10.1145/350351429:5(1-32)Online publication date: 20-Oct-2022
  • (2021)Interaction design for security based on social contextInternational Journal of Human-Computer Studies10.1016/j.ijhcs.2021.102675154:COnline publication date: 1-Oct-2021
  • Show More Cited By
  1. Influence of user perception, security needs, and social factors on device pairing method choices

    Recommendations

    Comments

    Information & Contributors

    Information

    Published In

    cover image ACM Other conferences
    SOUPS '10: Proceedings of the Sixth Symposium on Usable Privacy and Security
    July 2010
    236 pages
    ISBN:9781450302647
    DOI:10.1145/1837110

    Sponsors

    • Carnegie Mellon University: Carnegie Mellon University

    In-Cooperation

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 14 July 2010

    Permissions

    Request permissions for this article.

    Check for updates

    Author Tags

    1. authentication
    2. device pairing
    3. security
    4. social factors
    5. usability
    6. user studies

    Qualifiers

    • Research-article

    Conference

    SOUPS '10
    Sponsor:
    • Carnegie Mellon University
    SOUPS '10: Symposium on Usable Privacy and Security
    July 14 - 16, 2010
    Washington, Redmond, USA

    Acceptance Rates

    Overall Acceptance Rate 15 of 49 submissions, 31%

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • Downloads (Last 12 months)15
    • Downloads (Last 6 weeks)1
    Reflects downloads up to 15 Feb 2025

    Other Metrics

    Citations

    Cited By

    View all
    • (2024)Sounds Good? Fast and Secure Contact Exchange in GroupsProceedings of the ACM on Human-Computer Interaction10.1145/36869648:CSCW2(1-44)Online publication date: 8-Nov-2024
    • (2022)“Nah, it’s just annoying!” A Deep Dive into User Perceptions of Two-Factor AuthenticationACM Transactions on Computer-Human Interaction10.1145/350351429:5(1-32)Online publication date: 20-Oct-2022
    • (2021)Interaction design for security based on social contextInternational Journal of Human-Computer Studies10.1016/j.ijhcs.2021.102675154:COnline publication date: 1-Oct-2021
    • (2021)Understanding users’ perceptions to improve fallback authenticationPersonal and Ubiquitous Computing10.1007/s00779-021-01571-yOnline publication date: 23-May-2021
    • (2018)Survey and Systematization of Secure Device PairingIEEE Communications Surveys & Tutorials10.1109/COMST.2017.274827820:1(517-550)Online publication date: Sep-2019
    • (2017)Behavior Change Interventions for CybersecurityBehavior Change Research and Theory10.1016/B978-0-12-802690-8.00004-9(115-136)Online publication date: 2017
    • (2016)Looks Good To MeProceedings of the 6th International Workshop on Trustworthy Embedded Devices10.1145/2995289.2995295(57-67)Online publication date: 28-Oct-2016
    • (2016)Natural group binding and cross-display object movement methods for wearable devicesProceedings of the 18th International Conference on Human-Computer Interaction with Mobile Devices and Services10.1145/2935334.2935346(206-216)Online publication date: 6-Sep-2016
    • (2016)Do Users' Perceptions of Password Security Match Reality?Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems10.1145/2858036.2858546(3748-3760)Online publication date: 7-May-2016
    • (2015)Connecting devices for collaborative interactionsInteractions10.1145/277688722:4(39-43)Online publication date: 25-Jun-2015
    • Show More Cited By

    View Options

    Login options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Figures

    Tables

    Media

    Share

    Share

    Share this Publication link

    Share on social media