Designing the user interface (2nd ed.): strategies for effective human-computer interaction
Designing the user interface (2nd ed.): strategies for effective human-computer interaction
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Service Advertisement and Discovery: Enabling Universal Device Cooperation
IEEE Internet Computing
The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks
Proceedings of the 7th International Workshop on Security Protocols
Secure verification of location claims
WiSe '03 Proceedings of the 2nd ACM workshop on Wireless security
Secure object identification: or: solving the Chess Grandmaster Problem
Proceedings of the 2003 workshop on New security paradigms
Seeing-Is-Believing: Using Camera Phones for Human-Verifiable Authentication
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Secure Device Pairing based on a Visual Channel (Short Paper)
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Loud and Clear: Human-Verifiable Authentication Based on Audio
ICDCS '06 Proceedings of the 26th IEEE International Conference on Distributed Computing Systems
Usability analysis of secure pairing methods
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Secure communications over insecure channels based on short authenticated strings
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Efficient mutual data authentication using manually authenticated strings
CANS'06 Proceedings of the 5th international conference on Cryptology and Network Security
Universal device pairing using an auxiliary device
Proceedings of the 4th symposium on Usable privacy and security
HAPADEP: Human-Assisted Pure Audio Device Pairing
ISC '08 Proceedings of the 11th international conference on Information Security
Automated Device Pairing for Asymmetric Pairing Scenarios
ICICS '08 Proceedings of the 10th International Conference on Information and Communications Security
Secure Pairing of "Interface-Constrained" Devices Resistant against Rushing User Behavior
ACNS '09 Proceedings of the 7th International Conference on Applied Cryptography and Network Security
Authenticating ubiquitous services: a study of wireless hotspot access
Proceedings of the 11th international conference on Ubiquitous computing
A comparative study of secure device pairing methods
Pervasive and Mobile Computing
On the Usability of Secure Association of Wireless Devices Based on Distance Bounding
CANS '09 Proceedings of the 8th International Conference on Cryptology and Network Security
Efficient device pairing using "Human-comparable" synchronized audiovisual patterns
ACNS'08 Proceedings of the 6th international conference on Applied cryptography and network security
Groupthink: usability of secure group association for wireless devices
Proceedings of the 12th ACM international conference on Ubiquitous computing
Proceedings of the 17th ACM conference on Computer and communications security
Authenticated key agreement with key re-use in the short authenticated strings model
SCN'10 Proceedings of the 7th international conference on Security and cryptography for networks
Pairing devices for social interactions: a comparative usability evaluation
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Secure in-band wireless pairing
SEC'11 Proceedings of the 20th USENIX conference on Security
Go anywhere: user-verifiable authentication over distance-free channel for mobile devices
Personal and Ubiquitous Computing
Hi-index | 0.00 |
Wireless networking is widespread in public places such as cafes. Unsuspecting users may become victims of attacks based on "evil twin" access points. These rogue access points are operated by criminals in an attempt to launch man-in-the-middle attacks. We present a simple protection mechanism against binding to an evil twin. The mechanism leverages short authentication string protocols for the exchange of cryptographic keys. The short string verification is performed by encoding the short strings as a sequence of colors, rendered sequentially by the user's device and by the designated access point of the cafe. The access point must have a light capable of showing two colors and must be mounted prominently in a position where users can have confidence in its authenticity. We conducted a usability study with patrons in several cafes and participants found our mechanism very usable.