Pairing devices for social interactions: a comparative usability evaluation

When users wish to establish wireless radio communication between their devices, the channel has to be bootstrapped first. The process of setting up a secure communication channel between two previously unassociated devices is referred to as "Secure Device Pairing". Prior research on this topic has mostly been limited to "personal pairing" scenarios, in which a single user controls both devices. In this paper, we instead consider "social pairing" scenarios, in which two different users establish pairing between their respective devices. We present a comprehensive study to identify methods suitable for social pairing, and comparatively evaluate the usability and security of these methods. Our results identify the methods best suited for users in terms of efficiency, error tolerance and, of course, usability. Our work provides insights on the applicability and usability of methods for emerging social pairing scenarios, a topic largely ignored so far.
