The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.06 - June (2009 vol.8)
pp: 792-806
Rene Mayrhofer , University of Vienna, Vienna
Hans Gellersen , Lancaster University, Lancaster
ABSTRACT
A challenge in facilitating spontaneous mobile interactions is to provide pairing methods that are both intuitive and secure. Simultaneous shaking is proposed as a novel and easy-to-use mechanism for pairing of small mobile devices. The underlying principle is to use common movement as a secret that the involved devices share for mutual authentication. We present two concrete methods, ShaVe and ShaCK, in which sensing and analysis of shaking movement is combined with cryptographic protocols for secure authentication. ShaVe is based on initial key exchange followed by exchange and comparison of sensor data for verification of key authenticity. ShaCK, in contrast, is based on matching features extracted from the sensor data to construct a cryptographic key. The classification algorithms used in our approach are shown to robustly separate simultaneous shaking of two devices from other concurrent movement of a pair of devices, with a false negative rate of under 12 percent. A user study confirms that the method is intuitive and easy to use, as users can shake devices in an arbitrary pattern.
INDEX TERMS
Algorithm/protocol design and analysis, ubiquitous computing, mobile environments, authentication, human-centered computing, mobile applications.
CITATION
Rene Mayrhofer, Hans Gellersen, "Shake Well Before Use: Intuitive and Secure Pairing of Mobile Devices", IEEE Transactions on Mobile Computing, vol.8, no. 6, pp. 792-806, June 2009, doi:10.1109/TMC.2009.51
REFERENCES
[1] F. Stajano and R. Anderson, “The Resurrecting Duckling: Security Issues for Ad-Hoc Wireless Networks,” Proc. Seventh Int'l Workshop Security Protocols, pp.172-194, Apr. 1999.
[2] T. Kindberg and K. Zhang, “Validating and Securing Spontaneous Associations between Wireless Devices,” Proc. Information Security Conf. (ISC '03), pp.44-53, Oct. 2003.
[3] C. Gehrmann, C.J. Mitchell, and K. Nyberg, “Manual Authentication for Wireless Devices,” RSA Cryptobytes, vol. 7, no. 1, pp.29-37, 2004.
[4] F. Stajano, “Security for Whom?: The Shifting Security Assumptions of Pervasive Computing,” Proc. Int'l Symp. System Synthesis (ISSS '02), pp.16-27, Nov. 2002.
[5] R. Want, T. Pering, G. Danneels, M. Kumar, M. Sundar, and J. Light, “The Personal Server: Changing the Way We Think about Ubiquitous Computing,” Proc. Int'l Conf. Ubiquitous Computing (UbiComp '02), pp.194-209, Sept. 2002.
[6] Bluetooth SIG, “Bluetooth Special Interest Group,” Simple Pairing Whitepaper (Revision V10r00),” 2006.
[7] M. Čagalj, S. Čapkun, and J.-P. Hubaux, “Key Agreement in Peer-to-Peer Wireless Networks,” Proc. IEEE, special issue on cryptography and security, vol.94, pp.467-478, 2006.
[8] A. Perrig and D. Song, “Hash Visualization: A New Technique to Improve Real-World Security,” Proc. Cryptographic Techniques and Electronic Commerce (CrypTEC '99), pp.131-138, 1999.
[9] N. Saxena, J.-E. Ekberg, K. Kostiainen, and N. Asokan, “Secure Device Pairing Based on a Visual Channel,” Report 2006/050, Cryptology ePrint Archive, 2006.
[10] V. Roth, W. Polak, E. Rieffel, and T. Turner, “Simple and Effective Defense against Evil Twin Access Points,” Proc. ACM Conf. Wireless Network Security (WiSec '08), pp.220-235, Mar. 2008.
[11] M.T. Goodrich, M. Sirivianos, J. Solis, G. Tsudik, and E. Uzun, “Loud and Clear: Human Verifiable Authentication Based on Audio,” Proc. Int'l Conf. Distributed Computing Systems (ICDCS '06), p. 10, July 2006.
[12] C. Soriente, G. Tsudik, and E. Uzun, “BEDA: Button-Enabled Device Pairing,” Proc. Int'l Workshop Security for Spontaneous Interaction (IWSSI 2007), pp.443-449, Sept. 2007.
[13] S.N. Patel, J.S. Pierce, and G.D. Abowd, “A Gesture-Based Authentication Scheme for Untrusted Public Terminals,” Proc. ACM Symp. User Interface Software and Technology (UIST '04), pp.157-160, Oct. 2004.
[14] D. Balfanz, D.K. Smetters, P. Stewart, and H.C. Wong, “Talking to Strangers: Authentication in Ad-Hoc Wireless Networks,” Proc. Network and Distributed Systems Security Symp. (NDSS '02), Feb. 2002.
[15] D. Balfanz, G. Durfee, R.E. Grinter, D.K. Smetters, and P. Stewart, “Network-in-a-Box: How to Set up a Secure Wireless Network in under a Minute,” Proc. 13th USENIX Security Symp. pp.207-222, Aug. 2004.
[16] T. Kindberg and K. Zhang, “Secure Spontaneous Device Association,” Proc. Int'l Conf. Ubiquitous Computing (UbiComp '03), pp.124-131, Oct. 2003.
[17] R. Mayrhofer and M. Welch, “A Human-Verifiable Authentication Protocol Using Visible Laser Light,” Proc. Int'l Conf. Availability, Reliability and Security (ARES '07), pp.1143-1147, Apr. 2007.
[18] R. Mayrhofer, H. Gellersen, and M. Hazas, “Security by Spatial Reference: Using Relative Positioning to Authenticate Devices for Spontaneous Interaction,” Proc. Int'l Conf. Ubiquitous Computing (Ubicomp '07), pp.199-216, Sept. 2007.
[19] A. Varshavsky, A. Scannell, A. LaMarca, and E. de Lara, “Amigo: Proximity-Based Authentication of Mobile Devices,” Proc. Int'l Conf. Ubiquitous Computing (UbiComp '07), pp.253-270, Sept. 2007.
[20] J. Rekimoto, Y. Ayatsuka, and M. Kohno, “SyncTap: An Interaction Technique for Mobile Networking,” Proc. Int'l Conf. Mobile Human-Computer Interaction (MOBILE HCI '03), pp.104-115, Sept. 2003.
[21] J.M. McCune, A. Perrig, and M.K. Reiter, “Seeing-Is-Believing: Using Camera Phones for Human-Verifiable Authentication,” Proc. IEEE Symp. Security and Privacy, pp.110-124, 2005.
[22] L.E. Holmquist, F. Mattern, B. Schiele, P.A., M. Beigl, and H.-W. Gellersen, “Smart-Its Friends: A Technique for Users to Easily Establish Connections between Smart Artefacts,” Proc. Int'l Conf. Ubiquitous Computing (UbiComp '01), pp.116-122, Sept. 2001.
[23] K. Hinckley, “Synchronous Gestures for Multiple Persons and Computers,” Proc. ACM Symp. User Interface Software and Technology (UIST '03), pp.149-158. Nov. 2003.
[24] J. Lester, B. Hannaford, and G. Borriello, “Are You with Me?—Using Accelerometers to Determine If Two Devices Are Carried by the Same Person,” Proc. Pervasive Computing Int'l Conf. (PERVASIVE '04), pp.33-50, 2004.
[25] R. Marin-Perianu, M. Marin-Perianu, P. Havinga, and H. Scholten, “Movement-Based Group Awareness with Wireless Sensor Networks,” Proc. Pervasive Computing Int'l Conf. (PERVASIVE '07), pp.298-315, 2007.
[26] K. Fujinami and S. Pirttikangas, “A Study on a Correlation Coefficient to Associate an Object with Its User,” Proc. AAAI Spring Symp. Intelligent Environments (IE '07), pp.288-295, Sept. 2007.
[27] R. Mayrhofer and H. Gellersen, “Shake Well Before Use: Authentication Based on Accelerometer Data,” Proc. Pervasive Computing Int'l Conf. (PERVASIVE '07), pp.144-161, May 2007.
[28] D. Kirovski, M. Sinclair, and D. Wilson, “The Martini Synch,” Technical Report MSR-TR-2007-123, Microsoft Research, Sept. 2007.
[29] D. Bichler, G. Stromberg, M. Huemer, and M. Löw, “Key Generation Based on Acceleration Data of Shaking Processes,” Proc. Int'l Conf. Ubiquitous Computing (UbiComp '07), pp.304-317, 2007.
[30] C. Castelluccia and P. Mutaf, “Shake Them Up! A Movement-Based Pairing Protocol for CPU-Constrained Devices,” Proc. Int'l Conf. Mobile Systems, Applications, and Services (MobiSys '05), pp.51-64, June 2005.
[31] L. Batina, N. Mentens, and I. Verbauwhede, “Side Channel Issues for Designing Secure Hardware Implementations,” Proc. IEEE Online Testing Symp. (IOLTS '05), pp.118-121, 2005.
[32] T. Huynh and B. Schiele, “Analyzing Features for Activity Recognition,” Proc. Joint Conf. Smart Objects and Ambient Intelligence: Innovative Context-Aware Services: Usages and Technologies (Soc-EUSAI '05), pp.159-163, Oct. 2005.
[33] W. Diffie and M.E. Hellman, “New Directions in Cryptography,” IEEE Trans. Information Theory, vol. IT-22, no. 6, pp.644-654, 1976.
[34] R.L. Rivest and A. Shamir, “How to Expose an Eavesdropper,” Comm. ACM, vol. 27, no. 4, pp.393-394, 1984.
[35] R. Mayrhofer, “The Candidate Key Protocol for Generating Secret Shared Keys from Similar Sensor Data Streams,” Proc. European Workshop Security and Privacy in Ad Hoc and Sensor Networks (ESAS '07), pp.1-15, July 2007.
[36] S. Vaudenay, “Secure Communications Over Insecure Channels Based on Short Authenticated Strings,” Proc. Ann. Int'l Cryptology Conf. (CRYPTO '05). Aug. 2005.
[37] S. Laur and K. Nyberg, “Efficient Mutual Data Authentication Using Manually Authenticated Strings,” Proc. Int'l Conf. Cryptology and Network Security (CANS '06), pp.90-107, Dec. 2006.
26 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool