Initiating and bootstrapping secure, yet low-cost, ad-hoc transactions is an important challenge that needs to be overcome if the promise of mobile and pervasive computing is to be fulfilled. For example, mobile payment applications would benefit from the ability to pair devices securely without resorting to conventional mechanisms such as shared secrets, a Public Key Infrastructure (PKI), or trusted third parties. A number of methods have been proposed for doing this based on the use of a secondary out-of-band (OOB) channel that either authenticates information passed over the normal communication channel or otherwise establishes an authenticated shared secret which can be used for subsequent secure communication. A key element of the success of these methods is the performance and effectiveness of the OOB channel, which usually depends on people performing certain critical tasks correctly. In this paper, we present the results of a comparative usability study on methods that propose using humans to implement the OOB channel and argue that most of these proposals fail to take into account factors that may seriously harm the security and usability of a protocol. Our work builds on previous research in the usability of pairing methods and the accompanying recommendations for designing user interfaces that minimise human mistakes. Our findings show that the traditional methods of comparing and typing short strings into mobile devices are still preferable despite claims that new methods are more usable and secure, and that user interface design alone is not sufficient to mitigate human mistakes in OOB channels.