Security Associations in Personal Networks: A Comparative Analysis

  • Jani Suomalainen
  • Jukka Valkonen
  • N. Asokan
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4572)


Introducing a new device to a network or to another device is one of the most security critical phases of communication in personal networks. There have been several different proposals to make this process of associating devices both easy-to-use and secure. Some of them have been adapted by emerging standard specifications. In this paper, we first present a taxonomy of protocols for creating security associations in personal networks. We then make use of this taxonomy in surveying and comparing association models proposed in several emerging standards. We also identify new potential attack scenarios.


Personal networks security association survey 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Balfanz, D. et al.: Talking to strangers: authentication in ad-hoc wireless networks. In: Proceedings of the Network and Distributed System Security Symposium (2002)Google Scholar
  2. 2.
    Barker, E. et al.: Recommendation for key management - part 1: General (revised), (2006),
  3. 3.
    Bellovin, S.M., Merritt, M.: Encrypted key exchange: Password-based protocols secure against dictionary attacks. In: Steven, M. (ed.) Proceedings of the 1992 IEEE Symposium on Security and Privacy, pp. 72–84 (1992)Google Scholar
  4. 4.
    Diffie, W., Hellman, M.E.: New Directions In Cryptography. IEEE Transactions on Information Theory IT-22, 644–654 (1976)CrossRefMathSciNetGoogle Scholar
  5. 5.
    Gehrmann, C. et al.: Manual authentication for wireless devices. RSA CryptoBytes (2004)Google Scholar
  6. 6.
    Kivinen, T., Kojo, M.: RFC3526: More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE) (May 2003),
  7. 7.
    Laur, S. et al.: Efficient Mutual Data Authentication Using Manually Authenticated Strings. Cryptology ePrint Archive, Report 2005/424 (2005)Google Scholar
  8. 8.
    Laur, S., Nyberg, K.: Efficient mutual data authentication using manually authenticated strings. In: Proceedings of the 5th International Conference on Cryptology and Network Security, pp. 90–107 (2006)Google Scholar
  9. 9.
    Newman, R., et al.: Protecting domestic power-line communications. In: Proc. of The Second Symposium on Usable Privacy and Security, pp. 122–132 (2006)Google Scholar
  10. 10.
    NIST: National Institute of Standards and Technology. Digital Signature Standard (DSS). U.S. Department of Commerce (January 2000)Google Scholar
  11. 11.
    Pasini, S., Vaudenay, S.: SAS-based Authenticated Key Agreement. In: Proceedings of The 9th International Workshop on Theory and Practice in Public Key Cryptography, pp. 395–409 (2006)Google Scholar
  12. 12.
    Saxena, N., et al.: Secure device pairing based on a visual channel (short paper). In: Proc. of the 2006 IEEE Symposium on Security and Privacy, pp. 306–313 (2006)Google Scholar
  13. 13.
    Simple Pairing Whitepaper. Bluetooth Special Interest Group (2006),
  14. 14.
    Suomalainen, J. et al.: Security associations in personal networks: A comparative analysis. Technical Report NRC-TR-2007-004, Nokia Research Center (2007),
  15. 15.
    Vaudenay, S.: Secure communications over insecure channels based on short authenticated strings. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 309–326. Springer, Heidelberg (2005)Google Scholar
  16. 16.
    Čagalj, M., Čapkun, S., Hubaux, J.-P.: Key agreement in peer-to-peer wireless networks. In: Proceedings of the IEEE (Special Issue on Cryptography and Security), pp. 467–478 (2006)Google Scholar
  17. 17.
    Wi-Fi Alliance. Wi-Fi Protected Setup Specification. Wi-Fi Alliance Document (January 2007)Google Scholar
  18. 18.
    Wireless USB Specification. Association Models Supplement. Revision 1.0. USB Implementers Forum (2006),

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Jani Suomalainen
    • 1
  • Jukka Valkonen
    • 2
    • 3
  • N. Asokan
    • 2
    • 3
  1. 1.VTT Technical Research Centre ofFinland
  2. 2.Helsinki University of Technology 
  3. 3.Nokia Research Center 

Personalised recommendations