Reduction of end user errors in the design of scalable, secure communication

  • Authors: Adrian Perrig; Cynthia Kuo
  • Affiliations: Carnegie Mellon University; Carnegie Mellon University
  • Year: 2008


Abstract

Handling human error is one of the most difficult challenges in computer security. This thesis work enhances the security of communication mechanisms by minimizing the incidence and impact of end user errors. The first part of this thesis examines the challenges in securing communication when two or more parties are physically present. We rely on physical presence to establish a secure channel: users physically manipulate their devices in such a way that they are certain which devices are communicating. This enables user-friendly, secure key distribution over wireless channels. Secure key distribution is the foundation for secure communication; without it, future communications cannot be presumed secure. Key distribution systems are presented for a disparate set of use cases. First, Message-In-a-Bottle combines cryptography with a Faraday cage to secure key distribution to one or more wireless sensor nodes. Second, a configuration interface for wireless network configuration asks users to answer high-level, goal-based questions. These questions help users develop a security policy for their wireless network, and the interface implements the policy. Third, Gather, Authenticate 'n Group Securely enables large groups of users to exchange public keys (or establish a group key) with minimal assumptions about users' behavior. The second part of this thesis considers the authentication problem: how can two parties who have never met be certain that they are communicating with their intended party? On the Internet, communicating parties are often located in different geographical areas. Websites authenticate users using information such as passwords or IP addresses. However, end users rarely verify websites' credentials. Thus, online communication is vulnerable to error: end users may mistake an imposter website for a legitimate website. We present the design of Firefox Phishing Protection, a warning system that prevents users from accessing fraudulent websites. 
This thesis demonstrates that the design of usable, secure communication systems is context dependent. Context determines the requirements for secure communication systems, and communication occurs in diverse settings. Despite this variability, we draw some generalizations to aid the design of future technologies. Applied judiciously, these guidelines can help communication systems maintain their security properties—even if end users err.