MVSec: Secure and Easy-to-Use Pairing of Mobile Devices with Vehicles (CMU-CyLab-14-006)

With the increasing popularity of mobile devices, drivers and passengers will naturally want to connect their devices to their cars. Malicious entities can and likely will try to attack such systems in order to compromise other vehicular components or eavesdrop on privacy-sensitive information. It is imperative, therefore, to address security concerns from the onset of these technologies. While guaranteeing secure wireless vehicle-to-mobile communication is crucial to the successful integration of mobile devices in vehicular environments, usability is of equally critical importance. Several researchers proposed different methods for key agreement between two devices that share no prior secret. However, many of these proposals do not take advantage of the vehicular environment. With MVSec, we propose several novel approaches to secure vehicle-to-mobile communication tailored specifically for vehicular environments. We present novel security protocols and their security analysis. We also provide complete implementation and user study results demonstrating the feasibility and the usability of MVSec.

[1]  Michel Barbeau,et al.  Detecting Impersonation Attacks in Future Wireless and Mobile Networks , 2005, MADNES.

[2]  Serge Vaudenay,et al.  SAS-Based Authenticated Key Agreement , 2006, Public Key Cryptography.

[3]  Avishai Wool,et al.  Cracking the Bluetooth PIN , 2005, MobiSys '05.

[4]  Claudio Soriente,et al.  HAPADEP: Human-Assisted Pure Audio Device Pairing , 2008, ISC.

[5]  Steven M. Bellovin,et al.  Encrypted key exchange: password-based protocols secure against dictionary attacks , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[6]  Diana K. Smetters,et al.  Talking to Strangers: Authentication in Ad-Hoc Wireless Networks , 2002, NDSS.

[7]  K. Hypponen,et al.  Man-In-The-Middle attacks on bluetooth: a comparative analysis, a novel attack, and countermeasures , 2008, 2008 3rd International Symposium on Communications, Control and Signal Processing.

[8]  G. Goertzel An Algorithm for the Evaluation of Finite Trigonometric Series , 1958 .

[9]  A. W. Roscoe,et al.  Usability and security of out-of-band channels in secure device pairing protocols , 2009, SOUPS.

[10]  Serge Vaudenay,et al.  Secure Communications over Insecure Channels Based on Short Authenticated Strings , 2005, CRYPTO.

[11]  Arun Kumar,et al.  Pairing devices for social interactions: a comparative usability evaluation , 2011, CHI.

[12]  Karen A. Scarfone,et al.  Guide to Bluetooth Security , 2008 .

[13]  Adrian Perrig,et al.  Low-Cost Manufacturing, Usability, and Security: An Analysis of Bluetooth Simple Pairing and Wi-Fi Protected Setup , 2007, Financial Cryptography.

[14]  Sebastian Mödersheim,et al.  The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications , 2005, CAV.

[15]  Ersin Uzun,et al.  Usability Analysis of Secure Pairing Methods , 2007, Financial Cryptography.

[16]  Michael K. Reiter,et al.  Seeing-is-believing: using camera phones for human-verifiable authentication , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[17]  Adrian Perrig,et al.  Message-in-a-bottle: user-friendly and secure key deployment for sensor nodes , 2007, SenSys '07.

[18]  Arun Kumar,et al.  Article in Press Pervasive and Mobile Computing ( ) – Pervasive and Mobile Computing a Comparative Study of Secure Device Pairing Methods , 2022 .