Simple and effective defense against evil twin access points

Authors:
Volker Roth;Wolfgang Polak;Eleanor Rieffel;Thea Turner
Affiliations:
FX Palo Alto Laboratory, Palo Alto, CA;FX Palo Alto Laboratory, Palo Alto, CA;FX Palo Alto Laboratory, Palo Alto, CA;FX Palo Alto Laboratory, Palo Alto, CA
Venue:
WiSec '08 Proceedings of the first ACM conference on Wireless network security
Year:
2008

Citing 13
Cited 14

Designing the user interface (2nd ed.): strategies for effective human-computer interaction

Designing the user interface (2nd ed.): strategies for effective human-computer interaction
Distance-bounding protocols

EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Service Advertisement and Discovery: Enabling Universal Device Cooperation

IEEE Internet Computing
The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks

Proceedings of the 7th International Workshop on Security Protocols
Secure verification of location claims

WiSe '03 Proceedings of the 2nd ACM workshop on Wireless security
Secure object identification: or: solving the Chess Grandmaster Problem

Proceedings of the 2003 workshop on New security paradigms
Seeing-Is-Believing: Using Camera Phones for Human-Verifiable Authentication

SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Secure Device Pairing based on a Visual Channel (Short Paper)

SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Loud and Clear: Human-Verifiable Authentication Based on Audio

ICDCS '06 Proceedings of the 26th IEEE International Conference on Distributed Computing Systems
Usability analysis of secure pairing methods

FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Low-cost manufacturing, usability, and security: an analysis of bluetooth simple pairing and Wi-Fi protected setup

FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Secure communications over insecure channels based on short authenticated strings

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Efficient mutual data authentication using manually authenticated strings

CANS'06 Proceedings of the 5th international conference on Cryptology and Network Security

Universal device pairing using an auxiliary device

Proceedings of the 4th symposium on Usable privacy and security
HAPADEP: Human-Assisted Pure Audio Device Pairing

ISC '08 Proceedings of the 11th international conference on Information Security
Automated Device Pairing for Asymmetric Pairing Scenarios

ICICS '08 Proceedings of the 10th International Conference on Information and Communications Security
Secure Pairing of "Interface-Constrained" Devices Resistant against Rushing User Behavior

ACNS '09 Proceedings of the 7th International Conference on Applied Cryptography and Network Security
Authenticating ubiquitous services: a study of wireless hotspot access

Proceedings of the 11th international conference on Ubiquitous computing
A comparative study of secure device pairing methods

Pervasive and Mobile Computing
On the Usability of Secure Association of Wireless Devices Based on Distance Bounding

CANS '09 Proceedings of the 8th International Conference on Cryptology and Network Security
Efficient device pairing using "Human-comparable" synchronized audiovisual patterns

ACNS'08 Proceedings of the 6th international conference on Applied cryptography and network security
Groupthink: usability of secure group association for wireless devices

Proceedings of the 12th ACM international conference on Ubiquitous computing
On pairing constrained wireless devices based on secrecy of auxiliary channels: the case of acoustic eavesdropping

Proceedings of the 17th ACM conference on Computer and communications security
Authenticated key agreement with key re-use in the short authenticated strings model

SCN'10 Proceedings of the 7th international conference on Security and cryptography for networks
Pairing devices for social interactions: a comparative usability evaluation

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Secure in-band wireless pairing

SEC'11 Proceedings of the 20th USENIX conference on Security
Go anywhere: user-verifiable authentication over distance-free channel for mobile devices

Personal and Ubiquitous Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

Wireless networking is widespread in public places such as cafes. Unsuspecting users may become victims of attacks based on "evil twin" access points. These rogue access points are operated by criminals in an attempt to launch man-in-the-middle attacks. We present a simple protection mechanism against binding to an evil twin. The mechanism leverages short authentication string protocols for the exchange of cryptographic keys. The short string verification is performed by encoding the short strings as a sequence of colors, rendered sequentially by the user's device and by the designated access point of the cafe. The access point must have a light capable of showing two colors and must be mounted prominently in a position where users can have confidence in its authenticity. We conducted a usability study with patrons in several cafes and participants found our mechanism very usable.