Universal device pairing using an auxiliary device

Symposium On Usable Privacy and Security Pub Date : 2008-07-23 DOI:10.1145/1408664.1408672

Nitesh Saxena, Md. Borhan Uddin, Jonathan Voris

{"title":"Universal device pairing using an auxiliary device","authors":"Nitesh Saxena, Md. Borhan Uddin, Jonathan Voris","doi":"10.1145/1408664.1408672","DOIUrl":null,"url":null,"abstract":"The operation of achieving authenticated key agreement between two human-operated devices over a short-range wireless communication channel (such as Bluetooth or WiFi) is referred to as \"Pairing\". The devices in such a scenario are ad hoc in nature, i.e., they can neither be assumed to have a prior context (such as pre-shared secrets) with each other nor do they share a common trusted on- or off-line authority. However, the devices can generally be connected using auxiliary physical channel(s) (such as audio, visual, etc.) that can be authenticated by the device user(s) and thus form a basis for pairing.\n One of the main challenges of secure device pairing is the lack of good quality output interfaces as well as corresponding receivers on devices. In [13], we presented a pairing scheme which is universally applicable to any pair of devices (such as a WiFi AP and a laptop, a Bluetooth keyboard and a desktop, etc.). The scheme is based upon the device user(s) comparing short and simple synchronized audiovisual patterns, such as \"beeping\" and \"blinking\". In this paper, we automate the (manual) scheme of [13] by making use of an auxiliary, commonly available device such as a personal camera phone. Based on a preliminary user study we conducted, we show that the automated scheme is generally faster and more user-friendly relative to the manual scheme. More importantly, the proposed scheme turns out to be quite accurate in the detection of any possible attacks.","PeriodicalId":273244,"journal":{"name":"Symposium On Usable Privacy and Security","volume":"37 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-07-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"40","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Symposium On Usable Privacy and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1408664.1408672","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 40

Abstract

The operation of achieving authenticated key agreement between two human-operated devices over a short-range wireless communication channel (such as Bluetooth or WiFi) is referred to as "Pairing". The devices in such a scenario are ad hoc in nature, i.e., they can neither be assumed to have a prior context (such as pre-shared secrets) with each other nor do they share a common trusted on- or off-line authority. However, the devices can generally be connected using auxiliary physical channel(s) (such as audio, visual, etc.) that can be authenticated by the device user(s) and thus form a basis for pairing. One of the main challenges of secure device pairing is the lack of good quality output interfaces as well as corresponding receivers on devices. In [13], we presented a pairing scheme which is universally applicable to any pair of devices (such as a WiFi AP and a laptop, a Bluetooth keyboard and a desktop, etc.). The scheme is based upon the device user(s) comparing short and simple synchronized audiovisual patterns, such as "beeping" and "blinking". In this paper, we automate the (manual) scheme of [13] by making use of an auxiliary, commonly available device such as a personal camera phone. Based on a preliminary user study we conducted, we show that the automated scheme is generally faster and more user-friendly relative to the manual scheme. More importantly, the proposed scheme turns out to be quite accurate in the detection of any possible attacks.

查看原文本刊更多论文

通用设备配对使用辅助设备

通过短距离无线通信信道(如蓝牙或WiFi)在两个人工操作设备之间实现认证密钥协议的操作称为“配对”。这种场景中的设备本质上是特别的，也就是说，既不能假定它们彼此具有先前的上下文(例如预共享的秘密)，也不能假定它们共享共同的可信在线或离线权限。然而，设备通常可以使用辅助物理通道(如音频、视频等)连接，这些通道可以由设备用户进行身份验证，从而形成配对的基础。安全设备配对的主要挑战之一是缺乏高质量的输出接口以及设备上相应的接收器。在b[13]中，我们提出了一种普遍适用于任何设备对(如WiFi AP和笔记本电脑，蓝牙键盘和台式机等)的配对方案。该方案是基于设备用户比较短的和简单的同步视听模式，如“哔哔声”和“闪烁”。在本文中，我们通过使用辅助的、常用的设备，如个人拍照手机，来实现[13](手动)方案的自动化。根据我们进行的初步用户研究，我们表明，相对于手动方案，自动化方案通常更快，更用户友好。更重要的是，所提出的方案在检测任何可能的攻击方面都是非常准确的。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Symposium On Usable Privacy and Security

自引率

0.00%

发文量