Skip to main content
SpringerLink
Log in

HAPADEP: Human-Assisted Pure Audio Device Pairing

  • Conference paper
Information Security (ISC 2008)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 5222))

Included in the following conference series:

Abstract

The number and diversity of personal electronic gadgets have been steadily increasing but there has been fairly little progress in secure pairing of such devices. The pairing challenge revolves around establishing on-the-fly secure communication without any trusted (on- or off-line) third parties between devices that have no prior association. One basic approach to counter Man-in-the-Middle (MiTM) attacks in such setting is to involve the user in the pairing process. Previous research yielded some interesting secure pairing techniques, some of which ask too much of the human user, while others assume availability of specialized equipment (e.g., wires, photo or video cameras) on personal devices. Furthermore, all prior methods assumed an established insecure channel over a common digital (human-imperceptible) communication medium, such as infrared, 802.11 or Bluetooth.

In this paper we introduce a very simple technique called HAPADEP (Human-Assisted Pure Audio Device Pairing). HAPADEP uses the audio channel to exchange both data and verification information among devices without requiring any other means of common electronic communication. Despite its simplicity, a number of interesting issues arise in the design of HAPADEP. We discuss design and implementation highlights as well as usability features and limitations.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Bouncy Castle Crypto APIs, http://www.bouncycastle.org/

  2. HAPADEP website, http://sconce.ics.uci.edu/hapadep/

  3. Perrig, A., Song, D.: Hash visualization: A new technique to improve real-world security. In: Proceedings of the 1999 International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC 1999), pp. 131–138 (July 1999)

    Google Scholar 

  4. Alliance, W.: Wi-fi protected setup specification. WiFi Alliance Document (January 2007)

    Google Scholar 

  5. Balfanz, D., Smetters, D.K., Stewart, P., Wong, H.C.: Talking to strangers: Authentication in ad-hoc wireless networks. In: Symposium on Network and Distributed Systems Security (NDSS 2002) (February 2002)

    Google Scholar 

  6. Ellison, C.M., Dohrmann, S.: Public-key support for group collaboration. ACM Trans. Inf. Syst. Secur. 6(4), 547–565 (2003)

    Article  Google Scholar 

  7. Feeney, L.M., Ahlgren, B., Westerlund, A.: Demonstration abstract: Spontaneous networking for secure collaborative applications in an infrastructureless environment. In: International conference on pervasive computing (pervasive 2002) (2002)

    Google Scholar 

  8. Stajano, F., Anderson, R.: The resurrecting duckling: Security issues for ad-hoc wireless networks. In: Security Protocols, 7th International Workshop (1999)

    Google Scholar 

  9. Goldberg, I.: Visual Key Fingerprint Code (1996), http://www.cs.berkeley.edu/iang/visprint.c

  10. Goodrich, M.T., Sirivianos, M., Solis, J., Tsudik, G., Uzun, E.: Loud and clear: Human-verifiable authentication based on audio. In: ICDCS 2006: Proceedings of the 26th IEEE International Conference on Distributed Computing Systems (2006)

    Google Scholar 

  11. B. S. I. Group.Simple pairing whitepaper (2006), http://www.bluetooth.com/Bluetooth/Apply/Technology/Research/Simple_Pairing.htm

  12. Holmquist, L.E., Mattern, F., Schiele, B., Alahuhta, P., Beigl, M., Gellersen, H.-W.: Smart-its friends: A technique for users to easily establish connections between smart artefacts. In: UbiComp 2001: Proceedings of the 3rd international conference on Ubiquitous Computing, Atlanta, Georgia, USA, pp. 116–122. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  13. McCune, J.M., Perrig, A., Reiter, M.K.: Seeing-Is-Believing: Using Camera Phones for Human-Verifiable Authentication. In: 2005 IEEE Symposium on Security and Privacy, pp. 110–124 (2005)

    Google Scholar 

  14. Kindberg, T., Zhang, K.: Secure spontaneous device association. In: Dey, A.K., Schmidt, A., McCarthy, J.F. (eds.) UbiComp 2003. LNCS, vol. 2864, pp. 124–131. Springer, Heidelberg (2003)

    Google Scholar 

  15. Kindberg, T., Zhang, K.: Validating and securing spontaneous associations between wireless devices. In: Boyd, C., Mao, W. (eds.) ISC 2003. LNCS, vol. 2851, pp. 44–53. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  16. Kostiainen, K., Uzun, E.: Framework for comparative usability testing of distributed applications, http://sconce.ics.uci.edu/CUF/

  17. Laur, S., Nyberg, K.: Efficient mutual data authentication using manually authenticated strings. In: Pointcheval, D., Mu, Y., Chen, K. (eds.) CANS 2006. LNCS, vol. 4301, pp. 90–107. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  18. Lopes, C.: The digital voices project home page, http://www.isr.uci.edu/~lopes/dv/dv.html

  19. Lopes, C.V., Aguiar, P.M.: Acoustic modems for ubiquitous computing. IEEE Pervasive Computing 02(3), 62–71 (2003)

    Article  Google Scholar 

  20. Lopes, P., Aguiar, C.V.: Aerial acoustic communications. In: 2001 IEEE Workshop on the Applications of Signal Processing to Audio and Acoustics, pp. 219–222 (2001)

    Google Scholar 

  21. Mayrhofer, R., Gellersen, H.: Shake well before use: Authentication based on accelerometer data. In: Proc. Pervasive 2007: 5th International Conference on Pervasive Computing (2007)

    Google Scholar 

  22. Microsoft. Windows connect now-ufd and windows vista specification. version 1.0 (2006), http://www.microsoft.com/whdc/Rally/WCN-UFDVistaspec.mspx

  23. Saxena, N., Ekberg, J.-E., Kostiainen, K., Asokan, N.: Secure Device Pairing based on a Visual Channel. In: 2006 IEEE Symposium on Security and Privacy (2006)

    Google Scholar 

  24. Pasini, S., Vaudenay, S.: Sas-based authenticated key agreement. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 395–409. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  25. Prasad, R., Saxena, N.: Efficient device pairing using human-comparable synchronized audiovisual patterns. In: Applied Cryptography and Network Security (ACNS) (June 2008)

    Google Scholar 

  26. Roth, V., Polak, W., Rieffel, E.G., Turner, T.: Simple and effective defense against evil twin access points. In: WISEC, short paper, pp. 220–235 (2008)

    Google Scholar 

  27. Soriente, C., Tsudik, G., Uzun, E.: BEDA: Button-Enabled Device Association. In: IWSSI (2007)

    Google Scholar 

  28. Uzun, E., Karvonen, K., Asokan, N.: Usability Analysis of Secure Pairing Methods. In: Dietrich, S., Dhamija, R. (eds.) USEC 2007. LNCS, vol. 4886. Springer, Heidelberg (2007)

    Google Scholar 

  29. Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Transactions on Information Theory IT–22(6), 644–654 (1976)

    Article  MathSciNet  Google Scholar 

  30. Wireless USB Specification. Association models supplement. revision 1.0. USB Implementers Forum (2006), http://www.usb.org/developers/wusb/

Download references

Author information

Authors and Affiliations

  1. Computer Science Department, University of California, Irvine,  

    Claudio Soriente, Gene Tsudik & Ersin Uzun

Authors
  1. Claudio Soriente
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Gene Tsudik
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ersin Uzun
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Tzong-Chen Wu Chin-Laung Lei Vincent Rijmen Der-Tsai Lee

Rights and permissions

Reprints and permissions

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Soriente, C., Tsudik, G., Uzun, E. (2008). HAPADEP: Human-Assisted Pure Audio Device Pairing. In: Wu, TC., Lei, CL., Rijmen, V., Lee, DT. (eds) Information Security. ISC 2008. Lecture Notes in Computer Science, vol 5222. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85886-7_27

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-85886-7_27

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-85884-3

  • Online ISBN: 978-3-540-85886-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation