PIggy-backed key exchange using online services (PIKE)

Abstract

This demonstration presents PIKE, a piggybacked key exchange protocol that uses social networks (like Facebook) or business tools (like Google Calendar) to enable secure personal interaction. PIKE minimizes the configuration effort that is necessary to set up a secure communication channel among a set of devices. To do this, it piggybacks the exchange of cryptographic keys on existing online services which perform user authentication and enable the (secure) sharing of resources. To support encryption or authentication without Internet connection, PIKE relies on the automatic detection of triggers for upcoming personal interactions and exchanges keys before they take place. To demonstrate the broad applicability of PIKE, we present two example applications that show how its secure key exchange can be used in the real world. The first application uses PIKE to automatically share resources - in our case the readings of a GPS receiver - among a set of devices, when an event takes place. The second application relies on PIKE to enable the secure and automatic identification of individual visitors at the registration desk of a conference.