This paper reports on the challenge of designing an application for bootstrapping secure communications in ad-hoc situations. The starting point of this work was based on prior work in “spontaneous security”: making use of Human-Interactive Security Protocols (HISPs) which exploit a human-based unspoofable channel to bootstrap secure comunications. Our approach was to develop a realistic scenario in which spontaneous and secure communications are necessary, and to use this to drive the development of the application. We settled on exploring how to provide secure communications in disasters: situations where existing communication and security infrastructures may be unavailable. Using the disaster scenario to guide development, we implemented a mobile application which allows users to create ad-hoc WiFi networks and bootstrap secure communications over these networks. Disaster, Spontaneous security, Human-Interactive Security Protocol
[1]
A. W. Roscoe,et al.
Efficient group authentication protocols based on human interaction
,
2009,
IACR Cryptol. ePrint Arch..
[2]
A. W. Roscoe,et al.
Authenticating ad hoc networks by comparison of short digests
,
2008,
Inf. Comput..
[3]
Bo-Yin Yang,et al.
GAnGS: gather, authenticate 'n group securely
,
2008,
MobiCom '08.
[4]
Danny Dolev,et al.
On the security of public key protocols
,
1981,
22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).
[5]
A. W. Roscoe,et al.
Reverse Authentication in Financial Transactions and Identity Management
,
2013,
Mob. Networks Appl..
[6]
A. W. Roscoe,et al.
Usability and security of out-of-band channels in secure device pairing protocols
,
2009,
SOUPS.