Smart-Its Friends: A Technique for Users to Easily Establish Connections between Smart Artefacts
UbiComp '01 Proceedings of the 3rd international conference on Ubiquitous Computing
The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks
Proceedings of the 7th International Workshop on Security Protocols
Moving Target Classification and Tracking from Real-time Video
WACV '98 Proceedings of the 4th IEEE Workshop on Applications of Computer Vision (WACV'98)
Seeing-Is-Believing: Using Camera Phones for Human-Verifiable Authentication
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Shake them up!: a movement-based pairing protocol for CPU-constrained devices
Proceedings of the 3rd international conference on Mobile systems, applications, and services
Secure Device Pairing based on a Visual Channel (Short Paper)
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Loud and Clear: Human-Verifiable Authentication Based on Audio
ICDCS '06 Proceedings of the 26th IEEE International Conference on Distributed Computing Systems
Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Shake Well Before Use: Intuitive and Secure Pairing of Mobile Devices
IEEE Transactions on Mobile Computing
SPATE: small-group PKI-less authenticated trust establishment
Proceedings of the 7th international conference on Mobile systems, applications, and services
Caveat eptor: A comparative study of secure device pairing methods
PERCOM '09 Proceedings of the 2009 IEEE International Conference on Pervasive Computing and Communications
ACM SIGCOMM Computer Communication Review
Usability analysis of secure pairing methods
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Authentication technologies for the blind or visually impaired
HotSec'09 Proceedings of the 4th USENIX conference on Hot topics in security
Proceedings of the 17th ACM conference on Computer and communications security
TouchLogger: inferring keystrokes on touch screen from smartphone motion
HotSec'11 Proceedings of the 6th USENIX conference on Hot topics in security
(sp)iPhone: decoding vibrations from nearby keyboards using mobile phone accelerometers
Proceedings of the 18th ACM conference on Computer and communications security
Secure communications over insecure channels based on short authenticated strings
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Efficient mutual data authentication using manually authenticated strings
CANS'06 Proceedings of the 5th international conference on Cryptology and Network Security
Sonoba: on-the-spot information sharing
Proceedings of the 2013 conference on Computer supported cooperative work companion
SafeSlinger: easy-to-use and secure public-key exchange
Proceedings of the 19th annual international conference on Mobile computing & networking
Hi-index | 0.00 |
As the capabilities of smartphones increase, users are beginning to rely on these mobile and ubiquitous platforms to perform more tasks. In addition to traditional computing tasks, people are beginning to use smartphones to interact with people they meet. Often this interaction begins with an exchange, e.g., of cryptographic keys. Hence, a number of protocols have been developed to facilitate this exchange. Unfortunately, those protocols that provide strong security guarantees often suffer from usability problems, and easy-to-use protocols may lack the desired security guarantees. In this work, we highlight the danger of relying on usable-but-perhaps-not-secure protocols by demonstrating an easy-to-carry-out man-in-the-middle attack against Bump, the most popular exchange protocol for smartphones. We then present Shake on It (Shot), a new exchange protocol that is both usable and provides strong security properties. In Shot, the phones use vibrators and accelerometers to exchange information in a fashion that demonstratively identifies to the users that the two phones in physical contact are communicating. The vibrated information allows the phones to authenticate subsequent messages, which are exchanged using a server. Our implementation of Shot on DROID smartphones demonstrates that Shot can provide a secure exchange with a similar level of execution time and user effort as Bump.