Secure Ad-hoc Pairing with Biometrics: SAfE

The pairing problem is to enable two devices, which share no prior context with each other, to agree upon a security association that they can use to protect their subsequent communication. Secure pairing should o®er guarantees of the association partner's identity and it should be resistant to eavesdropping or to a man-in the middle attack. We propose a user friendly solution to this problem. Keys extracted from images of the participants are used for authentication. Details of the SAfE pairing system are presented along with a discussion of the security features and a usability analysis.

[1]  Raymond N. J. Veldhuis,et al.  Comparing landmarking methods for face recognition , 2005 .

[2]  Tim Kindberg,et al.  Secure Spontaneous Device Association , 2003, UbiComp.

[3]  Pieter H. Hartel,et al.  Fuzzy extractors for continuous distributions , 2006, ASIACCS '07.

[4]  Tsuhan Chen,et al.  Biometrics-based cryptographic key generation , 2004, 2004 IEEE International Conference on Multimedia and Expo (ICME) (IEEE Cat. No.04TH8763).

[5]  Michael K. Reiter,et al.  Seeing-is-believing: using camera phones for human-verifiable authentication , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[6]  Ersin Uzun,et al.  Usability Analysis of Secure Pairing Methods , 2007, Financial Cryptography.

[7]  Pieter H. Hartel,et al.  Feeling Is Believing: A Secure Template Exchange Protocol , 2007, ICB.

[8]  Raymond N. J. Veldhuis,et al.  Practical Biometric Authentication with Template Protection , 2005, AVBPA.

[9]  Diana K. Smetters,et al.  Talking to Strangers: Authentication in Ad-Hoc Wireless Networks , 2002, NDSS.

[10]  Rafail Ostrovsky,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, SIAM J. Comput..

[11]  Thomas D. Wu The Secure Remote Password Protocol , 1998, NDSS.

[12]  N. Asokan,et al.  Secure device pairing based on a visual channel , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[13]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[14]  Raymond N. J. Veldhuis,et al.  Verifying a User in a Personal Face Space , 2006, 2006 9th International Conference on Control, Automation, Robotics and Vision.

[15]  Michael Sirivianos,et al.  Loud and Clear: Human-Verifiable Authentication Based on Audio , 2006, 26th IEEE International Conference on Distributed Computing Systems (ICDCS'06).

[16]  René Mayrhofer,et al.  Shake Well Before Use: Authentication Based on Accelerometer Data , 2007, Pervasive.

[17]  Serge Vaudenay,et al.  Secure Communications over Insecure Channels Based on Short Authenticated Strings , 2005, CRYPTO.

[18]  Jean-Paul M. G. Linnartz,et al.  New Shielding Functions to Enhance Privacy and Prevent Misuse of Biometric Templates , 2003, AVBPA.