Caveat eptor: A comparative study of secure device pairing methods Conference Paper

abstract

• ldquoSecure Device Pairingrdquo is the process of bootstrapping a secure channel between two previously unassociated devices over a (usually wireless) human-imperceptible communication channel. Lack of prior security context and common trust infrastructure open the door for Man-in-the-Middle (also known as Evil Twin) attacks. Mitigation of these attacks requires user involvement in the device pairing process. Prior research yielded a number of interesting methods utilizing various auxiliary human-perceptible channels, e.g., visual, acoustic or tactile. These methods engage the user in authenticating information exchanged over human-imperceptible channels, thus mitigating MiTM attacks and forming the basis for secure pairing. We present the first comprehensive comparative evaluation of notable secure device pairing methods. Our results identify methods best-suited for a given combination of devices and human abilities. This work is both important and timely, since it sheds light on usability in one of the very few settings where a wide range of users (not just specialists) are confronted with security techniques.

name of conference

• 2009 IEEE International Conference on Pervasive Computing and Communications

authors

• Saxena, Nitesh

published proceedings

• 2009 IEEE International Conference on Pervasive Computing and Communications

author list (cited authors)

• A. Kumar, .., N. Saxena, .., G. Tsudik, .., & E. Uzun.

publication date

• January 2009

keywords

• Bluetooth
• Cameras
• Communication System Security
• Computer Science
• Hardware
• Humans
• Personal Digital Assistants
• Usability
• Wireless Communication
• Wireless Sensor Networks

start page

• 1

end page

• 10