People increasingly depend on the digital world to communicate with one another, but such communication is rarely secure. Users typically have no common administrative control to provide mutual authentication, and sales of certified public keys to individuals have made few inroads. The only remaining mechanism is key exchange. Because the exchanged keys are not authenticated, users must verify them through some out-of-band mechanism. Unfortunately, users appear willing to accept any key at face value, leaving communication vulnerable. This paper describes LoKey, a system that leverages the Short Message Service (SMS) to verify keys on users' behalf. SMS messages are small, expensive, and slow, but they travel over a closed network between devices (phones) that are nearly ubiquitous and that authenticate with the network operator. Our evaluation shows LoKey can establish and verify a shared key in approximately 30 seconds, provided only that one correspondent knows the other's phone number. By verifying keys asynchronously, two example applications, an instant messaging client and a secure email service, can provide assurances of message privacy, integrity, and source authentication while requiring only that users know the phone number of their correspondent.