Usability Analysis of Secure Pairing Methods

Setting up security associations between end-user devices is a challenging task when it needs to be done by ordinary users. The increasing popularity of powerful personal electronics with wireless communication abilities has made the problem more urgent than ever before. During the last few years, several solutions have appeared in the research literature. Several standardization bodies have also been working on improved setup procedures. All these protocols provide certain level of security, but several new questions arise, such as "how to implement this protocol so that it is easy to use?" and "is it still secure when used by a non-technical person?" In this paper, we attempt to answer these questions by carrying out a comparative usability evaluation of selected methods to derive some insights into the usability and security of these methods as well as strategies for implementing them.

[1]  N. Asokan,et al.  Secure device pairing based on a visual channel , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[2]  N. Asokan,et al.  Security Associations in Personal Networks: A Comparative Analysis , 2007, ESAS.

[3]  Serge Vaudenay,et al.  Secure Communications over Insecure Channels Based on Short Authenticated Strings , 2005, CRYPTO.

[4]  J. Palmer Attentional limits on the perception and memory of visual information. , 1990, Journal of experimental psychology. Human perception and performance.

[5]  Rubi Hammer,et al.  Category learning from equivalence constraints , 2009, Cognitive Processing.

[6]  Diana K. Smetters,et al.  Network-in-a-Box: How to Set Up a Secure Wireless Network in Under a Minute , 2004, USENIX Security Symposium.

[7]  Sven Laur,et al.  Efficient Mutual Data Authentication Using Manually Authenticated Strings , 2006, CANS.

[8]  Christian Gehrmann,et al.  Manual authentication for wireless devices , 2004 .

[9]  Michael K. Reiter,et al.  Seeing-is-believing: using camera phones for human-verifiable authentication , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[10]  Srdjan Capkun,et al.  Key Agreement in Peer-to-Peer Wireless Networks , 2006, Proceedings of the IEEE.

[11]  Michael Sirivianos,et al.  Loud and Clear: Human-Verifiable Authentication Based on Audio , 2006, 26th IEEE International Conference on Distributed Computing Systems (ICDCS'06).

[12]  Colin Potts,et al.  Design of Everyday Things , 1988 .

[13]  Adrian Perrig,et al.  Designing an evaluation method for security user interfaces: lessons from studying secure wireless network configuration , 2006, INTR.

[14]  Diana K. Smetters,et al.  Talking to Strangers: Authentication in Ad-Hoc Wireless Networks , 2002, NDSS.

[15]  G. A. Miller THE PSYCHOLOGICAL REVIEW THE MAGICAL NUMBER SEVEN, PLUS OR MINUS TWO: SOME LIMITS ON OUR CAPACITY FOR PROCESSING INFORMATION 1 , 1956 .

[16]  Victor Shoup Advances in Cryptology - CRYPTO 2005: 25th Annual International Cryptology Conference, Santa Barbara, California, USA, August 14-18, 2005, Proceedings , 2005, CRYPTO.