RhythmLink: securely pairing I/O-constrained devices by tapping

We present RhythmLink, a system that improves the wireless pairing user experience. Users can link devices such as phones and headsets together by tapping a known rhythm on each device. In contrast to current solutions, RhythmLink does not require user interaction with the host device during the pairing process; and it only requires binary input on the peripheral, making it appropriate for small devices with minimal physical affordances. We describe the challenges in enabling this user experience and our solution, an algorithm that allows two devices to compare imprecisely-entered tap sequences while maintaining the secrecy of those sequences. We also discuss our prototype implementation of RhythmLink and review the results of initial user tests.

[1]  Tracy L. Westeyn,et al.  Recognizing song-based blink patterns: applications for restricted and universal access , 2004, Sixth IEEE International Conference on Automatic Face and Gesture Recognition, 2004. Proceedings..

[2]  Claudio Soriente,et al.  Secure pairing of interface constrained devices , 2009, Int. J. Secur. Networks.

[3]  TsudikGene,et al.  A comparative study of secure device pairing methods , 2009 .

[4]  James H. Aylor,et al.  Computer for the 21st Century , 1999, Computer.

[5]  Francisco Rodríguez-Henríquez,et al.  A parallel architecture for fast computation of elliptic curve scalar multiplication over GF(2/sup m/) , 2004, 18th International Parallel and Distributed Processing Symposium, 2004. Proceedings..

[6]  Rodrigo Roman,et al.  KeyLED - transmitting sensitive data over out-of-band channels in wireless sensor networks , 2008, 2008 5th IEEE International Conference on Mobile Ad Hoc and Sensor Systems.

[7]  Steven M. Bellovin,et al.  Encrypted key exchange: password-based protocols secure against dictionary attacks , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[8]  Matt Anderson,et al.  FreeDigiter: a contact-free device for gesture control , 2004, Eighth International Symposium on Wearable Computers.

[9]  Bernt Schiele,et al.  Smart-Its Friends: A Technique for Users to Easily Establish Connections between Smart Artefacts , 2001, UbiComp.

[10]  Ahmad-Reza Sadeghi,et al.  TASTY: tool for automating secure two-party computations , 2010, CCS '10.

[11]  Jun Rekimoto SyncTap: synchronous user operation for spontaneous network connection , 2004, Personal and Ubiquitous Computing.

[12]  Arun Kumar,et al.  Article in Press Pervasive and Mobile Computing ( ) – Pervasive and Mobile Computing a Comparative Study of Secure Device Pairing Methods , 2022 .

[13]  N. Koblitz Elliptic curve cryptosystems , 1987 .

[14]  Patrick Baudisch,et al.  Disappearing mobile devices , 2009, UIST '09.

[15]  Karl M. Newell,et al.  Force and Timing Variability in Rhythmic Unimanual Tapping , 2000, Journal of motor behavior.

[16]  René Mayrhofer,et al.  Spontaneous mobile device authentication based on sensor data , 2008, Inf. Secur. Tech. Rep..

[17]  Ersin Uzun,et al.  Usability Analysis of Secure Pairing Methods , 2007, Financial Cryptography.

[18]  Jun Rekimoto,et al.  ProxNet: Secure Dynamic Wireless Connection by Proximity Sensing , 2004, Pervasive.

[19]  Sean White,et al.  Nenya: subtle and eyes-free mobile input with a magnetically-tracked finger ring , 2011, CHI.

[20]  Ahmad-Reza Sadeghi,et al.  From Dust to Dawn: Practically Efficient Two-Party Secure Function Evaluation Protocols and their Modular Design , 2010, IACR Cryptol. ePrint Arch..

[21]  Michael Kreutzer,et al.  Pre-Authentication Using Infrared , 2005 .

[22]  Thomas Falck,et al.  Plug 'n Play Simplicity for Wireless Medical Body Sensors , 2006, 2006 Pervasive Health Conference and Workshops.

[23]  Hans-Werner Gellersen,et al.  GesturePIN: using discrete gestures for associating mobile devices , 2010, Mobile HCI.

[24]  Jacob O. Wobbrock,et al.  TapSongs: tapping rhythm-based passwords on a single binary sensor , 2009, UIST '09.