Usability Analysis of Secure Pairing Methods

  • Ersin Uzun
  • Kristiina Karvonen
  • N. Asokan
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4886)

Abstract

Setting up security associations between end-user devices is a challenging task when it needs to be done by ordinary users. The increasing popularity of powerful personal electronics with wireless communication abilities has made the problem more urgent than ever before. During the last few years, several solutions have appeared in the research literature. Several standardization bodies have also been working on improved setup procedures. All these protocols provide a certain level of security, but several new questions arise, such as "how to implement this protocol so that it is easy to use?" and "is it still secure when used by a non-technical person?" In this paper, we attempt to answer these questions by carrying out a comparative usability evaluation of selected methods to derive some insights into the usability and security of these methods as well as strategies for implementing them.

Keywords

Near Field Communication; Usability Analysis; Pairing Method; Security Association; Error Rate Total
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Ersin Uzun (1, 3)
  • Kristiina Karvonen (2)
  • N. Asokan (2, 3)
  1. University of California, Irvine, USA
  2. Helsinki University of Technology, Helsinki, Finland
  3. Nokia Research Center, Helsinki, Finland