On the Usability of Secure Association of Wireless Devices Based On Distance Bounding (CROSBI ID 554432)
Conference contribution in proceedings | original scientific paper | international peer review
Responsibility details
Čagalj, Mario ; Saxena, Nitesh ; Uzun, Ersin
English
On the Usability of Secure Association of Wireless Devices Based On Distance Bounding
When users wish to establish wireless communication between their devices, the channel needs to be bootstrapped first. Usually, the channel is desired to be authenticated and confidential, in order to mitigate any malicious control of or eavesdropping over the communication. When there is no prior security context, such as shared secrets, common key servers or public key certificates, device association necessitates some level of user involvement in the process. A wide variety of user-aided security association techniques have been proposed in the past. A promising set of techniques require out-of-band communication between the devices (e.g., auditory, visual, or tactile). The usability evaluation of such techniques has been an active area of research recently. In this paper, our focus is on the usability of an alternative method of secure association – Integrity regions (I-regions) [40] – based on distance bounding. I-regions achieves secure association by verification of entity proximity through time-to-travel measurements over ultrasonic or radio channels. Security of I-regions crucially relies on the assumption that human users can correctly gauge the distance between two communicating devices. We demonstrate, via a thorough usability study of the I-regions technique and related statistical analysis, that such an assumption does not hold in practice. Our results indicate that I-regions can yield high error rates (both false accept and false reject), undermining its security and usability under common communication scenarios.
Security; Usability; Authentication; Distance Bounding; Wireless Networks
Contribution details
2009.
published
Parent publication details
Proceedings of the 8th International Conference on CRYPTOLOGY AND NETWORK SECURITY (CANS 2009) - (Lecture Notes in Computer Science)
Springer
Conference details
The 8th International Conference on CRYPTOLOGY AND NETWORK SECURITY (CANS 2009)
lecture
12.12.2009-14.12.2009
Ishikawa, Japan; Kanazawa, Japan