Abstract
Setting up security associations between end-user devices is a challenging task when it needs to be done by ordinary users. The increasing popularity of powerful personal electronics with wireless communication abilities has made the problem more urgent than ever before. During the last few years, several solutions have appeared in the research literature. Several standardization bodies have also been working on improved setup procedures. All these protocols provide a certain level of security, but several new questions arise, such as "how to implement this protocol so that it is easy to use?" and "is it still secure when used by a non-technical person?" In this paper, we attempt to answer these questions by carrying out a comparative usability evaluation of selected methods to derive some insights into the usability and security of these methods as well as strategies for implementing them.
The full version of this paper appears as Nokia Research Center technical report NRC-TR-2007-002.
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-3-540-77366-5_37
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Uzun, E., Karvonen, K., Asokan, N. (2007). Usability Analysis of Secure Pairing Methods. In: Dietrich, S., Dhamija, R. (eds) Financial Cryptography and Data Security. FC 2007. Lecture Notes in Computer Science, vol 4886. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77366-5_29
DOI: https://doi.org/10.1007/978-3-540-77366-5_29
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-77365-8
Online ISBN: 978-3-540-77366-5
eBook Packages: Computer Science (R0)