DOI: 10.1145/1864349.1864399
research-article

Groupthink: usability of secure group association for wireless devices

Published: 26 September 2010

Abstract

A fairly common modern setting entails users, each in possession of a personal wireless device, wanting to communicate securely via their devices. If these users (and their devices) have no prior association, a new security context must be established. In order to prevent potential attacks, the initial context (association) establishment process must involve only the intended devices and their users.

A number of methods for initial secure association of two devices have been proposed; their usability factors have been explored and compared extensively. However, the more challenging problem of initial secure association of a group of devices (and users) has not received much attention. Although a few secure group association methods have been proposed, their usability aspects have not been studied, especially in a comparative manner. This paper discusses desirable features and evaluation criteria for secure group association, identifies suitable methods and presents a comparative usability study. Results show that some simple methods (e.g., peer- or leader-based number comparisons) are quite attractive for small groups, being fast, reasonably secure and well-received by users.

Published In

UbiComp '10: Proceedings of the 12th ACM international conference on Ubiquitous computing
September 2010
366 pages
ISBN:9781605588438
DOI:10.1145/1864349
Sponsors

In-Cooperation

  • University of Florida

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. device pairing
  2. group association
  3. usability

Qualifiers

  • Research-article

Conference

Ubicomp '10
Ubicomp '10: The 2010 ACM Conference on Ubiquitous Computing
September 26 - 29, 2010
Copenhagen, Denmark

Acceptance Rates

UbiComp '10 Paper Acceptance Rate 39 of 202 submissions, 19%;
Overall Acceptance Rate 764 of 2,912 submissions, 26%
