Usability and security of out-of-band channels in secure device pairing protocols

Kainda, Ronald; Fléchais, Ivan; Roscoe, A. W.

doi:10.1145/1572532.1572547

Cited by 90 publications

(89 citation statements)

References 22 publications

(29 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The aim of the study was not only to evaluate how usable the methods are but also compare our results with those previous studies. To this regard, we designed our laboratory experiment similarly to [7,8,9].…”

Section: Usability Evaluation Of the Methodsmentioning

confidence: 99%

“…Currently proposed OOB channels force one to choose between security and usability. Compare and confirm has been found both a usable and preferred method but also susceptible to security failures [7,8,9]. Other methods such as timing and auxiliary device methods are also susceptible to security failures though they do not offer the same level of usability as compare and confirm.…”

Section: Limitationsmentioning

confidence: 99%

“…Even vigilant users may be distracted, accidentally press a wrong button, or merely miss the comparison. In fact, in their study of pairing methods, Kainda et al [7] reported that some participants were concerned that with compare and confirm it was easy for a security failure to occur because the method did not force them to compare accurately.…”

Section: Limitationsmentioning

confidence: 99%

See 2 more Smart Citations

Secure and Usable Out-Of-Band Channels for Ad Hoc Mobile Device Interactions

Kainda

Fléchais

Roscoe

2010

Information Security Theory and Practices. Security and Privacy of Pervasive Systems and Smart Devices

Self Cite

View full text Add to dashboard Cite

Abstract. Protocols for bootstrapping security in ad hoc mobile device interactions rely on users' ability to perform specific tasks such as transferring or comparing fingerprints of information between devices. The size of fingerprints depends on the level of technical security 1 required by a given application but, at the same time, is limited by users' inability to deal with large amounts of data with high levels of accuracy. Large fingerprints provide high technical security but potentially reduce usability of protocols which may result in users making mistakes that compromise security. This conflict between technical security and usability requires methods for transferring fingerprints between devices that maximise both to achieve acceptable effective security. In this paper, we propose two methods for transferring fingerprints between devices. We conducted a usability and security evaluation of the methods and our results show that, in contrast to previous proposals, our methods are both usable and resistant to security failures.

show abstract

Section: Usability Evaluation Of the Methodsmentioning

confidence: 99%

Section: Limitationsmentioning

confidence: 99%

Section: Limitationsmentioning

confidence: 99%

See 1 more Smart Citation

Secure and Usable Out-Of-Band Channels for Ad Hoc Mobile Device Interactions

Kainda

Fléchais

Roscoe

2010

Information Security Theory and Practices. Security and Privacy of Pervasive Systems and Smart Devices

Self Cite

View full text Add to dashboard Cite

show abstract

“…In any case we believe that the use of HISPs in payments should usually be backed up by secondary security as discussed later. 6 digits happens to be the number used in the experiments reported in [35]. 7 A user may simply keep pressing the OK button regardless of what displayed on the mobile phone.…”

Section: The Human Contributionmentioning

confidence: 99%

“…7 A user may simply keep pressing the OK button regardless of what displayed on the mobile phone. 8 [35] examines ways of performing this comparison and conclusively demonstrates that for security the best approach is for the customer to type the digits of the merchant's digest value into mobile phone, which then compares the two.…”

Section: The Human Contributionmentioning

confidence: 99%

Mobile Electronic Identity: Securing Payment on Mobile Phones

Chen¹,

Roscoe²

2011

Information Security Theory and Practice. Security and Privacy of Mobile Devices in Wireless Communication

Self Cite

View full text Add to dashboard Cite

Abstract. The pervasive use of mobile phones has created a dynamic computing platform that a large percentage of the population carries routinely. There is a growing trend of integrating mobile phones with electronic identity, giving the phone the ability to prove or support the identity of the owner by containing, for example, a tuple of name, ID, photo and public key. While this helps phone owners prove who they are, it does not prove to them that they are giving their identities to intended parties. This is important in its own right for reasons of privacy and avoiding cases of "identity theft", but all the more important when identity is being provided to support the transfer of value (e.g. in mobile payment) or information. In this paper we show how Human Interactive Security Protocols can support this type of authentication in cases where PKIs are inappropriate, misunderstood or too expensive, concentrating on the case of payment.

show abstract