Secure device pairing using audio

Secure device pairing between mobile devices is a challenging task. The lack of a trusted authority and low computational power make it difficult for mobile devices to establish secure communication channels in ubiquitous computing environments. Solutions have been proposed using locationlimited channels to transmit secure pairing information that can be verified as originating from the intended device, enabling users to establish secure channels over insecure mediums. Of particular interest is using audio as a location-limited channel, due to the widespread deployment of audio capabilities on mobile devices. We describe a solution for secure device pairing using audio, called UbiSound, which only requires a single audio transmission to authenticate both devices. We describe our communication protocol, implementation details and results, and discuss how our solution is resistant to a number of attacks. Additionally, we emphasize how our solution is usable for visually impaired users.

[1]  Sven Laur,et al.  Efficient Mutual Data Authentication Using Manually Authenticated Strings , 2006, CANS.

[2]  Claudio Soriente,et al.  Using audio in secure device pairing , 2009, Int. J. Secur. Networks.

[3]  Tim Kindberg,et al.  Secure Spontaneous Device Association , 2003, UbiComp.

[4]  Pieter H. Hartel,et al.  Feeling Is Believing: A Secure Template Exchange Protocol , 2007, ICB.

[5]  Pieter H. Hartel,et al.  Secure Ad-hoc Pairing with Biometrics: SAfE , 2007 .

[6]  Dongwan Shin,et al.  Visual Device identification for Security Services in Ad-Hoc Wireless Networks , 2005, New Trends in Computer Networks.

[7]  N. Asokan,et al.  Secure device pairing based on a visual channel , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[8]  Claudio Soriente,et al.  HAPADEP: Human-Assisted Pure Audio Device Pairing , 2008, ISC.

[9]  Michael K. Reiter,et al.  Seeing-is-believing: using camera phones for human-verifiable authentication , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[10]  Diana K. Smetters,et al.  Talking to Strangers: Authentication in Ad-Hoc Wireless Networks , 2002, NDSS.

[11]  Dongwan Shin Securing spontaneous communications in wireless pervasive computing environments , 2005, Seventh IEEE International Symposium on Multimedia (ISM'05).

[12]  William R. Claycomb,et al.  Using A Two Dimensional Colorized Barcode Solution for Authentication in Pervasive Computing , 2006, 2006 ACS/IEEE International Conference on Pervasive Services.

[13]  Frank Stajano,et al.  Multi-channel Protocols , 2005, Security Protocols Workshop.

[14]  Seunghyun Im Validating Secure Connections between Wireless Devices in Pervasive Computing Using Data Matrix , 2008, 2008 International Conference on Multimedia and Ubiquitous Engineering (mue 2008).

[15]  Srdjan Capkun,et al.  Key Agreement in Peer-to-Peer Wireless Networks , 2006, Proceedings of the IEEE.

[16]  Tim Kindberg,et al.  Validating and Securing Spontaneous Associations between Wireless Devices , 2003, ISC.

[17]  John Wawrzynek,et al.  RTP Payload Format for MIDI , 2006, RFC.

[18]  Frank Stajano,et al.  The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks , 1999, Security Protocols Workshop.

[19]  Dongwan Shin,et al.  Secure Real World Interaction Using Mobile Devices , 2006 .

[20]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[21]  René Mayrhofer,et al.  A Human-Verifiable Authentication Protocol Using Visible Laser Light , 2007, The Second International Conference on Availability, Reliability and Security (ARES'07).

[22]  Michael Sirivianos,et al.  Loud and Clear: Human-Verifiable Authentication Based on Audio , 2006, 26th IEEE International Conference on Distributed Computing Systems (ICDCS'06).

[23]  Adi Shamir,et al.  How to expose an eavesdropper , 1984, CACM.

[24]  Serge Vaudenay,et al.  Secure Communications over Insecure Channels Based on Short Authenticated Strings , 2005, CRYPTO.