Skip to main content
SpringerLink
Log in

LoKey: Leveraging the SMS Network in Decentralized, End-to-End Trust Establishment

  • Conference paper
Pervasive Computing (Pervasive 2006)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 3968))

Included in the following conference series:

Abstract

People increasingly depend on the digital world to communicate with one another, but such communication is rarely secure. Users typically have no common administrative control to provide mutual authentication, and sales of certified public keys to individuals have made few inroads. The only remaining mechanism is key exchange. Because they are not authenticated, users must verify the exchanged keys through some out-of-band mechanism. Unfortunately, users appear willing to accept any key at face value, leaving communication vulnerable. This paper describes LoKey, a system that leverages the Short Message Service (SMS) to verify keys on users’ behalf. SMS messages are small, expensive, and slow, but they utilize a closed network, between devices—phones—that are nearly ubiquitous and authenticate with the network operator. Our evaluation shows LoKey can establish and verify a shared key in approximately 30 seconds, provided only that one correspondent knows the other’s phone number. By verifying keys asynchronously, two example applications—an instant messaging client and a secure email service—can provide assurances of message privacy, integrity, and source authentication while requiring only that users know the phone number of their correspondent.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. CCITT, Draft Recommendation X.509: The Directory-Authentication Framework. Consultation Committee, International Telecommunications Union, Geneva (1989)

    Google Scholar 

  2. Freier, A., Karlton, P., Kocher, P.: Secure Socket Layer 3.0. Internet Draft (1996)

    Google Scholar 

  3. Warner, B.: Billions of “phishing” scam emails sent monthly. Reuters News Service (2004)

    Google Scholar 

  4. Bellovin, S.M.: Using the Domain Name System for system break-ins. In: Proceedings of the 5th USENIX Security Symposium (1995)

    Google Scholar 

  5. Xia, H., Brustoloni, J.C.: Hardening web browsers against man-in-the-middle and eavesdropping attacks. In: Proceedings of the 14th International World Wide Web Conference, WWW 2005 (2005)

    Google Scholar 

  6. Neuman, B., Ts’o, T.: Kerberos: An authentication service for computer networks. IEEE Communications Magazine 32, 33–38 (1994)

    Article  Google Scholar 

  7. Whitten, A., Tygar, J.D.: Why Johnny can’t encrypt: A usability evaluation of PGP 5.0. In: Proceedings of the 8th USENIX Security Symposium (1999)

    Google Scholar 

  8. Dohrmann, S., Ellison, C.: Public-key Support for Collaborative Groups. In: Proceedings of the First Annual PKI Research Workshop (2002)

    Google Scholar 

  9. Garfinkel, S., Margrave, D., Schiller, J., Nordlander, E., Miller, R.: How to make secure email easier to use. In: Proceedings of the Conference on Human Factors in Computing Systems, CHI (2005)

    Google Scholar 

  10. Perrig, A., Song, D.: Hash Visualization: A New Technique to Improve Real-World Security. In: Proceedings of the International Workshop on Cryptographic Techniques and E-Commerce, CryptEC (1999)

    Google Scholar 

  11. Peersman, C., Cvetkovic, S.: The global system for mobile communications: Short Message Service. IEEE Personal Communications 7, 15–23 (2000)

    Article  Google Scholar 

  12. Diffie, W., Hellman, M.: New directions in cryptography. IEEE Transactions on Information Theory 6, 644–654 (1976)

    Article  MathSciNet  MATH  Google Scholar 

  13. Maurer, U.M.: Towards the Equivalence of Breaking the Diffie-Hellman Protocol and Computing Discrete Logarithms. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 271–281. Springer, Heidelberg (1994)

    Google Scholar 

  14. Diffie, W., Oorschot, P., Wiener, M.: Authentication and Authenticated Key Exchanges. Designs, Codes, and Cryptography 2, 107–125 (1992)

    Article  MathSciNet  Google Scholar 

  15. Kaminsky, M., Savvides, G., Mazieres, D., Kaashoek, M.: Decentralized User Authentication in a Global File System. In: Proceedings of the 19th ACM Symposium on Operating Systems Principles (2003)

    Google Scholar 

  16. Burkholder, P.: SSL Man-in-the-middle Attacks. The SANS Institute (2002)

    Google Scholar 

  17. Xu, H., Teo, H., Wang, H.: Foundations of SMS Commerce Success: Lessions from SMS Messaging and Co-opetition. In: Proceedings of the 36th Hawaii International Conference on System Sciences, HICSS (2003)

    Google Scholar 

  18. Naor, M., Yung, M.: Universal one-way hash functions and their crytographic applications. In: Proceedings of the 21st ACM Symposium on the Theory of Computing, STOC 1989 (1989)

    Google Scholar 

  19. National Institute of Standards and Technology (NIST): Secure Hash Standard (SHS). National Technical Information Service (2002)

    Google Scholar 

  20. Bluetooth SIG: Specification of the Bluetooth System (2005), http://www.bluetooth.org/spec/

  21. Shaked, Y., Wool, A.: Cracking the Bluetooth PIN. In: Proceedings of the Third International Conference on Mobile Systems, Applications, and Services, MobiSys 2005 (2005)

    Google Scholar 

  22. Anderson, R.: Security Engineering. Wiley, Chichester (2001)

    Google Scholar 

  23. Nicholson, A.J., Han, J., Watson, D., Noble, B.D.: Exploiting Mobility for Key Establishment. In: Proceedings of the Seventh IEEE Workshop on Mobile Computing Systems and Applications, WMCSA 2006 (2006)

    Google Scholar 

  24. Smith, I., Consolvo, S., LaMarca, A., Hightower, J., Scott, J., Sohn, T., Hughes, J., Iachello, G., Abowd, G.D.: Social disclosure of place: From location technology to communication practices. In: Gellersen, H.-W., Want, R., Schmidt, A. (eds.) PERVASIVE 2005. LNCS, vol. 3468, pp. 134–151. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  25. Biggadike, A., Ferullo, D., Wilson, G., Perrig, A.: NATBLASTER: Establishing TCP Connections Between Hosts Behind NATs. In: Proceedings of the SIGCOMM Asia Workshop (2005)

    Google Scholar 

  26. Ford, B., Srisuresh, P., Kegel, D.: Peer-to-Peer Communication Across Network Address Translators. In: Proceedings of the USENIX Annual Technical Conference (2005)

    Google Scholar 

  27. Daemen, J., Rijmen, V.: AES Proposal: Rijndael. NIST (2000)

    Google Scholar 

  28. Fischer, K.: Bluetooth Wireless Technology. In: Proceedings of the IEEE EMC Wireless Workshop (2000)

    Google Scholar 

  29. Thompson, K.: A Security Review of the ASB Bank Netcode Authentication System (2004), http://www.crypt.gen.nz/papers/asb_netcode.html

  30. Claessens, J., Preneel, B., Vandewalle, J.: Combining World Wide Web and Wireless Security. In: Proceedings of IFIP Network Security (2001)

    Google Scholar 

  31. Maher, D.: Secure communication method and apparatus. U.S. Patent Number 5,450,493 (1995)

    Google Scholar 

  32. Gehrmann, C., Mitchell, C., Nyberg, K.: Manual Authentication for Wireless Devices. RSA Cryptobytes 7 (2004)

    Google Scholar 

  33. Hoepman, J.H.: The Ephemeral Pairing Problem. In: Proceedings of the 8th International Conference on Financial Cryptography (2004)

    Google Scholar 

  34. Madhavapeddy, A., Sharp, R., Scott, D., Tse, A.: Audio Networking: The Forgotten Wireless Technology. IEEE Pervasive Computing 4 (2005)

    Google Scholar 

  35. Stajano, F., Anderson, R.: The Resurrecting Duckling. In: Proceedings of the 7th International Workshop on Security Protocols (1999)

    Google Scholar 

  36. Balfanz, D., Smetters, D., Stewart, P., Wong, H.C.: Talking to Strangers: Authentication in Ad-Hoc Wireless Networks. In: Proceedings of the Network and Distributed System Security Symposium (NDSS 2002), San Diego, California, USA (2002)

    Google Scholar 

  37. Capkun, S., Hubaux, J.P., Buttyan, L.: Mobility Helps Security in Ad Hoc Networks. In: Proceedings of the Fourth ACM International Symposium on Mobile Ad Hoc Networking and Computing (MobiHoc 2003), Annapolis, Maryland, USA (2003)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of Michigan, USA

    Anthony J. Nicholson & Brian D. Noble

  2. Intel Research, Seattle, USA

    Ian E. Smith

  3. University of Washington, USA

    Jeff Hughes

Authors
  1. Anthony J. Nicholson
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ian E. Smith
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jeff Hughes
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Brian D. Noble
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Google, Inc., 720 4th Ave. #400, 98033, Kirkland, WA, USA

    Kenneth P. Fishkin

  2. Computer Science Department, TU Darmstadt, Germany

    Bernt Schiele

  3. System Research Group, School of Computer Science and Informatics, UCD, Dublin, Ireland

    Paddy Nixon

  4. Imaging, Visualisation & Graphics Lab, Systems Research Group, School of Computer Science & Informatics, University College Dublin, Dublin 4, Ireland

    Aaron Quigley

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Nicholson, A.J., Smith, I.E., Hughes, J., Noble, B.D. (2006). LoKey: Leveraging the SMS Network in Decentralized, End-to-End Trust Establishment. In: Fishkin, K.P., Schiele, B., Nixon, P., Quigley, A. (eds) Pervasive Computing. Pervasive 2006. Lecture Notes in Computer Science, vol 3968. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11748625_13

Download citation

  • DOI: https://doi.org/10.1007/11748625_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-33894-9

  • Online ISBN: 978-3-540-33895-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation