Short paper: MVSec: secure and easy-to-use pairing of mobile devices with vehicles

With the increasing popularity of mobile devices, drivers and passengers will naturally want to connect their devices to their cars. Malicious entities can and likely will try to attack such systems in order to compromise other vehicular components or eavesdrop on privacy-sensitive information. It is imperative, therefore, to address security concerns from the onset of these technologies. While guaranteeing secure wireless vehicle-to-mobile communication is crucial to the successful integration of mobile devices in vehicular environments, usability is of equally critical importance. With MVSec, we propose novel approaches to secure vehicle-to-mobile communication tailored specifically for vehicular environments. We present novel security protocols and provide complete implementation and user study results.

[1]  Ersin Uzun,et al.  Usability Analysis of Secure Pairing Methods , 2007, Financial Cryptography.

[2]  Paul Hudak,et al.  Audio Processing and Sound Synthesis in Haskell , 2009 .

[3]  Adrian Perrig,et al.  Low-Cost Manufacturing, Usability, and Security: An Analysis of Bluetooth Simple Pairing and Wi-Fi Protected Setup , 2007, Financial Cryptography.

[4]  Fan Bai,et al.  MVSec: Secure and Easy-to-Use Pairing of Mobile Devices with Vehicles (CMU-CyLab-14-006) , 2014 .

[5]  Arun Kumar,et al.  Pairing devices for social interactions: a comparative usability evaluation , 2011, CHI.

[6]  G. Goertzel An Algorithm for the Evaluation of Finite Trigonometric Series , 1958 .

[7]  Karen A. Scarfone,et al.  Guide to Bluetooth Security , 2008 .

[8]  Sven Laur,et al.  Efficient Mutual Data Authentication Using Manually Authenticated Strings , 2006, CANS.

[9]  A. W. Roscoe,et al.  Usability and security of out-of-band channels in secure device pairing protocols , 2009, SOUPS.

[10]  TsudikGene,et al.  A comparative study of secure device pairing methods , 2009 .

[11]  Avishai Wool,et al.  Cracking the Bluetooth PIN , 2005, MobiSys '05.

[12]  F Guillaume Zipcar, wheels when you want them , 2014 .

[13]  Steven M. Bellovin,et al.  Encrypted key exchange: password-based protocols secure against dictionary attacks , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[14]  Sebastian Mödersheim,et al.  The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications , 2005, CAV.

[15]  Michel Barbeau,et al.  Detecting Impersonation Attacks in Future Wireless and Mobile Networks , 2005, MADNES.

[16]  Serge Vaudenay,et al.  Secure Communications over Insecure Channels Based on Short Authenticated Strings , 2005, CRYPTO.

[17]  Christian Gehrmann,et al.  Manual authentication for wireless devices , 2004 .

[18]  Michael K. Reiter,et al.  Seeing-is-believing: using camera phones for human-verifiable authentication , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[19]  Adrian Perrig,et al.  Message-in-a-bottle: user-friendly and secure key deployment for sensor nodes , 2007, SenSys '07.

[20]  Claudio Soriente,et al.  HAPADEP: Human-Assisted Pure Audio Device Pairing , 2008, ISC.

[21]  Diana K. Smetters,et al.  Talking to Strangers: Authentication in Ad-Hoc Wireless Networks , 2002, NDSS.

[22]  Serge Vaudenay,et al.  SAS-Based Authenticated Key Agreement , 2006, Public Key Cryptography.

[23]  K. Hypponen,et al.  Man-In-The-Middle attacks on bluetooth: a comparative analysis, a novel attack, and countermeasures , 2008, 2008 3rd International Symposium on Communications, Control and Signal Processing.

[24]  Karen A. Scarfone,et al.  Guide to Bluetooth Security , 2008 .