"Secure Device Pairing" or "Secure First Connect" is the process of bootstrapping a secure channel between two previously unassociated devices over some (usually wireless) human-imperceptible communication channel. The absence of prior security context and common trust infrastructure opens the door to so-called Man-in-the-Middle (MiTM) and Evil Twin attacks. Mitigation of these attacks requires some level of user involvement in the device pairing process. Prior research yielded a number of technically sound methods relying on various auxiliary human-perceptible out-of-band channels, e.g., visual, acoustic and tactile. Such methods engage the user in authenticating information exchanged over the human-imperceptible channel, thus defending against MiTM attacks and forming the basis for secure pairing. This paper reports on a comprehensive and comparative evaluation of notable secure device pairing methods. This evaluation was obtained via a thorough analysis of these methods, in terms of both security and usability. The results help us identify the methods best suited for specific combinations of devices and human abilities. This work is an important step in understanding usability in one of the rare settings where a very wide range of users (not just specialists) is confronted with modern security technology.