BEDA: Button-Enabled Device Association

Secure initial pairing of electronic gadgets is a challenging problem because of the usual lack of a common security infrastructure and the threat of so-called Man-in-the-Middle (MiTM) attacks, whereby an attacker inserts itself into the pairing protocol by impersonating one of the legitimate parties. A number of interesting techniques have been proposed, all of which involve the user in the pairing process. However, they are inapplicable to many common scenarios where the devices to be paired do not possess the required interfaces, such as displays, speakers, cameras or microphones. In this paper, we introduce BEDA (Button-Enabled Device Association), a protocol suite for secure pairing of devices with minimal user interfaces. The most common and minimal interface available on a wide variety of devices is a single button. BEDA protocols can accommodate pairing scenarios where one (or even both) devices have only a single button as their "user interface". Our usability study demonstrates that BEDA protocols involve very little human burden and are quite suitable for ordinary users.
