HAPADEP: Human-Assisted Pure Audio Device Pairing

Authors:
Claudio Soriente;Gene Tsudik;Ersin Uzun
Affiliations:
Computer Science Department, University of California, Irvine,;Computer Science Department, University of California, Irvine,;Computer Science Department, University of California, Irvine,
Venue:
ISC '08 Proceedings of the 11th international conference on Information Security
Year:
2008

Citing 13
Cited 15

Smart-Its Friends: A Technique for Users to Easily Establish Connections between Smart Artefacts

UbiComp '01 Proceedings of the 3rd international conference on Ubiquitous Computing
The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks

Proceedings of the 7th International Workshop on Security Protocols
Public-key support for group collaboration

ACM Transactions on Information and System Security (TISSEC)
Seeing-Is-Believing: Using Camera Phones for Human-Verifiable Authentication

SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Secure Device Pairing based on a Visual Channel (Short Paper)

SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Loud and Clear: Human-Verifiable Authentication Based on Audio

ICDCS '06 Proceedings of the 26th IEEE International Conference on Distributed Computing Systems
Simple and effective defense against evil twin access points

WiSec '08 Proceedings of the first ACM conference on Wireless network security
Acoustic Modems for Ubiquitous Computing

IEEE Pervasive Computing
Shake well before use: authentication based on accelerometer data

PERVASIVE'07 Proceedings of the 5th international conference on Pervasive computing
Usability analysis of secure pairing methods

FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Efficient device pairing using "Human-comparable" synchronized audiovisual patterns

ACNS'08 Proceedings of the 6th international conference on Applied cryptography and network security
SAS-Based authenticated key agreement

PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography
Efficient mutual data authentication using manually authenticated strings

CANS'06 Proceedings of the 5th international conference on Cryptology and Network Security

Secure Pairing of "Interface-Constrained" Devices Resistant against Rushing User Behavior

ACNS '09 Proceedings of the 7th International Conference on Applied Cryptography and Network Security
Blink 'Em All: Scalable, User-Friendly and Secure Initialization of Wireless Sensor Nodes

CANS '09 Proceedings of the 8th International Conference on Cryptology and Network Security
On the Usability of Secure Association of Wireless Devices Based on Distance Bounding

CANS '09 Proceedings of the 8th International Conference on Cryptology and Network Security
Groupthink: usability of secure group association for wireless devices

Proceedings of the 12th ACM international conference on Ubiquitous computing
Pairing devices for social interactions: a comparative usability evaluation

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Secure negotiation for manual authentication protocols

CMS'11 Proceedings of the 12th IFIP TC 6/TC 11 international conference on Communications and multimedia security
Trust extension as a mechanism for secure code execution on commodity computers

Trust extension as a mechanism for secure code execution on commodity computers
Body sensor network key distribution using human interactive channels

Proceedings of the 4th International Symposium on Applied Sciences in Biomedical and Communication Technologies
Fast track article: Looking ahead in pervasive computing: Challenges and opportunities in the era of cyber-physical convergence

Pervasive and Mobile Computing
Fast track article: Looking ahead in pervasive computing: Challenges and opportunities in the era of cyber-physical convergence

Pervasive and Mobile Computing
Usability classification for spontaneous device association

Personal and Ubiquitous Computing
SHAKE: Single HAsh key establishment for resource constrained devices

Ad Hoc Networks
Data-minimizing authentication goes mobile

CMS'12 Proceedings of the 13th IFIP TC 6/TC 11 international conference on Communications and Multimedia Security
MultiNet: reducing interaction overhead in domestic wireless networks

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
User-aided reader revocation in PKI-based RFID systems

Journal of Computer Security - ESORICS 2010

Quantified Score

Hi-index	0.00

Visualization

Abstract

The number and diversity of personal electronic gadgets have been steadily increasing but there has been fairly little progress in secure pairing of such devices. The pairing challenge revolves around establishing on-the-fly secure communication without any trusted (on- or off-line) third parties between devices that have no prior association. One basic approach to counter Man-in-the-Middle (MiTM) attacks in such setting is to involve the user in the pairing process. Previous research yielded some interesting secure pairing techniques, some of which ask too much of the human user, while others assume availability of specialized equipment (e.g., wires, photo or video cameras) on personal devices. Furthermore, all prior methods assumed an established insecure channel over a common digital (human-imperceptible) communication medium, such as infrared, 802.11 or Bluetooth.In this paper we introduce a very simple technique called HAPADEP (Human-Assisted Pure Audio Device Pairing). HAPADEP uses the audio channel to exchange both data and verification information among devices without requiring any other means of common electronic communication. Despite its simplicity, a number of interesting issues arise in the design of HAPADEP. We discuss design and implementation highlights as well as usability features and limitations.