Authenticating ubiquitous services: a study of wireless hotspot access

This paper concerns the problem of phishing attacks in ubiquitous computing environments. The embedding of ubiquitous services into our everyday environments may make fake services seem plausible, but it also enables us to authenticate them with respect to those environments. We propose physical and virtual linkage as two types of authenticating evidence in ubiquitous environments, and two protocols based on them. We describe an experiment to test hypotheses concerning user responses to physical and virtual linkage with respect to fake Wi-Fi hotspots. Based on our experience, we derive an improved protocol for authenticating spontaneously accessed ubiquitous services.
