Secure Pairing of “Interface-Constrained” Devices Resistant against Rushing User Behavior

  • Nitesh Saxena
  • Md. Borhan Uddin
Conference paper

DOI: 10.1007/978-3-642-01957-9_3

Part of the Lecture Notes in Computer Science book series (LNCS, volume 5536)
Cite this paper as:
Saxena N., Uddin M.B. (2009) Secure Pairing of “Interface-Constrained” Devices Resistant against Rushing User Behavior. In: Abdalla M., Pointcheval D., Fouque PA., Vergnaud D. (eds) Applied Cryptography and Network Security. ACNS 2009. Lecture Notes in Computer Science, vol 5536. Springer, Berlin, Heidelberg

Abstract

“Secure Device Pairing” is the process of bootstrapping secure communication between two devices over a short- or medium-range wireless channel (such as Bluetooth, WiFi). The devices in such a scenario can neither be assumed to have a prior context with each other nor do they share a common trusted authority. Fortunately, the devices can generally be connected using auxiliary physical channel(s) (such as audio, visual, tactile) that can be authenticated by the device user(s), thus forming the basis for pairing. However, lack of good quality output interfaces (e.g, a speaker, display) and/or receivers (e.g., microphone, camera) on certain devices makes pairing a very challenging problem in practice.

We consider the problem of “rushing user” behavior in device pairing. A rushing user is defined as a user who in a rush to connect her devices, would skip through the pairing process, if possible. Most prior pairing methods, in which the user decides the final outcome of pairing, are vulnerable to rushing user behavior – the user can simply “accept” the pairing, without having to correctly take part in the decision process. In this paper, we concentrate on most common pairing scenarios (such as pairing of a WiFi laptop and an access point), whereby one device (access point) is constrained in terms output interfaces, while the other (laptop) has a decent quality output interface but no receiver. We present the design and usability analysis of two novel pairing methods, which are resistant to a rushing user and require only minimal device interfaces on the constrained device. One of the most appealing applications of our proposal is in defending against common threat of “Evil Twin” attacks in public places (e.g, cyber-cafes, airport lounges).

Keywords

Device Pairing Authentication Usability Security Evil Twin Attacks Wireless Communication 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Nitesh Saxena
    • 1
  • Md. Borhan Uddin
    • 1
  1. 1.Computer Science and EngineeringPolytechnic Institute of New York University 

Personalised recommendations