Security Associations in Personal Networks: A Comparative Analysis

Suomalainen, Jani; Valkonen, Jukka; Asokan, N.

doi:10.1007/978-3-540-73275-4_4

Cited by 46 publications

(39 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Early comparative usability studies such as Suomalainen et al [22], Valkonen et al [24], and Uzun et al [23] involved only simple methods based on string/number entry or comparison. The main emphasis was on measuring completion time and determining the error rate of methods.…”

Section: Related Workmentioning

confidence: 99%

Influence of user perception, security needs, and social factors on device pairing method choices

Ion

Langheinrich

Kumaraguru

et al. 2010

Proceedings of the Sixth Symposium on Usable Privacy and Security

View full text Add to dashboard Cite

Recent years have seen a proliferation of secure device pairing methods that try to improve both the usability and security of today's de-facto standard -PIN-based authentication. Evaluating such improvements is difficult. Most comparative laboratory studies have so far mainly focused on completeness, trying to find the single best method among the dozens of proposed approaches -one that is both rated the most usable by test subjects, and which provides the most robust security guarantees. This search for the "best" pairing method, however, fails to take into account the variety of situations in which such pairing protocols may be used in real life. The comparative study reported here, therefore, explicitly situates pairing tasks in a number of more realistic situations. Our results indicate that people do not always use the easiest or most popular method -they instead prefer different methods in different situations, based on the sensitivity of data involved, their time constraints, and the social conventions appropriate for a particular place and setting. Our study also provides qualitative data on factors influencing the perceived security of a particular method, the users' mental models surrounding security of a method, and their security needs. General TermsHuman Factors, Security.

show abstract

Section: Related Workmentioning

confidence: 99%

Influence of user perception, security needs, and social factors on device pairing method choices

Ion

Langheinrich

Kumaraguru

et al. 2010

Proceedings of the Sixth Symposium on Usable Privacy and Security

View full text Add to dashboard Cite

show abstract

“…Thus, even if the passkey is guessable, SSP in the PE model remains secure unless all of its stages are vulnerable to attack. Suomalainen et al [26] gives a comparative overview of different pairing models in personal networks including Bluetooth. They identify as a potential attack scenario where the security of a more IO-capable device is compromised by having it interact with another device of restricted IO-capability e.g.…”

Section: Related Workmentioning

confidence: 99%

Analyzing the Secure Simple Pairing in Bluetooth v4.0

Phan

Mingard

2010

Wireless Pers Commun

View full text Add to dashboard Cite

This paper analyzes the security of Bluetooth v4.0's Secure Simple Pairing (SSP) protocol, for both the Bluetooth Basic Rate / Enhanced Data Rate (BR/EDR) and Bluetooth Low Energy (LE) operational modes. Bluetooth v4.0 is the latest version of a wireless communication standard for low-speed and low-range data transfer among devices in a human's PAN. It allows increased network mobility among devices such as headsets, PDAs, wireless keyboards and mice. A pairing process is initiated when two devices desire to communicate, and this pairing needs to correctly authenticate devices so that a secret link key is established for secure communication. What is interesting is that device authentication relies on humans to communicate verification information between devices via a human-aided out-of-band channel. Bluetooth v4.0's SSP protocol is designed to offer security against passive eavesdropping and man-inthe-middle (MitM) attacks. We conduct the first known detailed analysis of SSP for all its MitM-secure models. We highlight some issues related to exchange of public keys and use of the passkey in its models and discuss how to treat them properly.

show abstract

“…These keys can be obtained in the same way as in existing secure 802.11 and Bluetooth networks. For example, devices can leverage traditional credentials from trusted authorities (e.g., for RADIUS authentication) or bootstrap symmetric keys using out-of-band pairing techniques [31]. We believe that most private services will be known beforehand (e.g., a home 802.11 AP) and can bootstrap keys using these methods.…”

Section: Threat Modelmentioning

confidence: 99%

Improving wireless privacy with an identifier-free link layer protocol

Greenstein

McCoy

Pang

et al. 2008

Proceedings of the 6th International Conference on Mobile Systems, Applications, and Services

View full text Add to dashboard Cite

We present the design and evaluation of an 802.11-like wireless link layer protocol that obfuscates all transmitted bits to increase privacy. This includes explicit identifiers such as MAC addresses, the contents of management messages, and other protocol fields that the existing 802.11 protocol relies on to be sent in the clear. By obscuring these fields, we greatly increase the difficulty of identifying or profiling users from their transmissions in ways that are otherwise straightforward. Our design, called SlyFi, is nearly as efficient as existing schemes such as WPA for discovery, link setup, and data delivery despite its heightened protections; transmission requires only symmetric key encryption and reception requires a table lookup followed by symmetric key decryption. Experiments using our implementation on Atheros 802.11 drivers show that SlyFi can discover and associate with networks faster than 802.11 using WPA-PSK. The overhead SlyFi introduces in packet delivery is only slightly higher than that added by WPA-CCMP encryption (10% vs. 3% decrease in throughput).

show abstract

Security Associations in Personal Networks: A Comparative Analysis

Cited by 46 publications

References 10 publications

Influence of user perception, security needs, and social factors on device pairing method choices

Influence of user perception, security needs, and social factors on device pairing method choices

Analyzing the Secure Simple Pairing in Bluetooth v4.0

Improving wireless privacy with an identifier-free link layer protocol

Contact Info

Product

Resources

About