secure and usable out of band channels for ad hoc mobile
play

Secure and Usable Out-Of-Band Channels for Ad hoc Mobile Device - PowerPoint PPT Presentation

Sep 04, 2022 •457 likes •650 views

Introduction HISP OOB Channels Problem definition Proposed methods Security and usability study Conclusion Secure and Usable Out-Of-Band Channels for Ad hoc Mobile Device Interactions Ronald Kainda, Ivan Flechais, A.W. Roscoe Workshop in

  1. Introduction HISP OOB Channels Problem definition Proposed methods Security and usability study Conclusion Secure and Usable Out-Of-Band Channels for Ad hoc Mobile Device Interactions Ronald Kainda, Ivan Flechais, A.W. Roscoe Workshop in Information Security Theory and Practices (WISTP) University of Passau, Germany 14 April, 2010 Ronald Kainda, Ivan Flechais, A.W. Roscoe Secure and Usable Out-Of-Band Channels for HISP

  2. Introduction HISP OOB Channels Problem definition Proposed methods Security and usability study Conclusion Outline Introduction 1 HISP 2 OOB Channels 3 Problem definition 4 Proposed methods 5 Security and usability study 6 Conclusion 7 Ronald Kainda, Ivan Flechais, A.W. Roscoe Secure and Usable Out-Of-Band Channels for HISP

  3. Introduction HISP OOB Channels Problem definition Proposed methods Security and usability study Conclusion Ad hoc mobile device interactions Ronald Kainda, Ivan Flechais, A.W. Roscoe Secure and Usable Out-Of-Band Channels for HISP

  4. Introduction HISP OOB Channels Problem definition Proposed methods Security and usability study Conclusion Human-Interactive Security Protocols (HISP) OOB N Ronald Kainda, Ivan Flechais, A.W. Roscoe Secure and Usable Out-Of-Band Channels for HISP

  5. Introduction HISP OOB Channels Problem definition Proposed methods Security and usability study Conclusion Human-Interactive Security Protocols (HISP) → N ∀ A ′ : A , INFO A , longhash ( A , k A ) 1 ∀ A − → N ∀ A ′ : k A 2 ∀ A − → OOB ∀ A ′ :users compare Digest(k*,INFOs) 3 ∀ A − A s for A ∈ G 1 where k* is the XOR of all the k ′ Security is 2 b Increasing b cost usability 1 Roscoe et al. 2007 Ronald Kainda, Ivan Flechais, A.W. Roscoe Secure and Usable Out-Of-Band Channels for HISP

  6. Introduction HISP OOB Channels Problem definition Proposed methods Security and usability study Conclusion Existing OOB methods Manual comparison compare Devices generate fingerprints Fingerprints displayed in appropriate format Users compare fingerprints and indicate on the device a match or lack of it Devices require display and some form of input method Security failures Ronald Kainda, Ivan Flechais, A.W. Roscoe Secure and Usable Out-Of-Band Channels for HISP

  7. Introduction HISP OOB Channels Problem definition Proposed methods Security and usability study Conclusion Existing OOB methods Manual copying and entering Bluetooth One device displays a fingerprint User copies and types the fingerprint into one or more devices Requires display and keypad Efficiency of entry depends on affordances of devices involved Scalability, usability Ronald Kainda, Ivan Flechais, A.W. Roscoe Secure and Usable Out-Of-Band Channels for HISP

  8. Introduction HISP OOB Channels Problem definition Proposed methods Security and usability study Conclusion Existing OOB methods Auxiliary devices 2D–Barcode Rely on secondary devices to transfer/compare information Proposed devices include camera phone external storage devices data cable etc May require users to carry extra hardware Uniform interfaces, usability Ronald Kainda, Ivan Flechais, A.W. Roscoe Secure and Usable Out-Of-Band Channels for HISP

  9. Introduction HISP OOB Channels Problem definition Proposed methods Security and usability study Conclusion Existing OOB Methods Timing methods 2D–Barcode Rely on specialised hardware Proposed devices include Shaking devices Pressing buttons Scalability, usability Ronald Kainda, Ivan Flechais, A.W. Roscoe Secure and Usable Out-Of-Band Channels for HISP

  10. Introduction HISP OOB Channels Problem definition Proposed methods Security and usability study Conclusion Existing OOB methods Short range directed channels 2D–Barcode Rely on wireless transmission technologies Proposed methods include Infra-red Light May require specialised hardware Security, scalability Ronald Kainda, Ivan Flechais, A.W. Roscoe Secure and Usable Out-Of-Band Channels for HISP

  11. Introduction HISP OOB Channels Problem definition Proposed methods Security and usability study Conclusion Problems with current OOB Channels 2D– Context specific Barcode Requirement for specialised hardware Security and usability Security Usability Scalability Ronald Kainda, Ivan Flechais, A.W. Roscoe Secure and Usable Out-Of-Band Channels for HISP

  12. Introduction HISP OOB Channels Problem definition Proposed methods Security and usability study Conclusion Proposed OOB — Word-matching and number-typing whatever Locally stored dictionary proposed two 1024 word dictionaries Phonetically distant less than 40kb file Display and button Scalable, usable, secure Ronald Kainda, Ivan Flechais, A.W. Roscoe Secure and Usable Out-Of-Band Channels for HISP

  13. Introduction HISP OOB Channels Problem definition Proposed methods Security and usability study Conclusion Proposed OOB — Word-matching and number-typing Potential problems Prediction failures Word collisions Similar sounding words Scalable, usable, secure Ronald Kainda, Ivan Flechais, A.W. Roscoe Secure and Usable Out-Of-Band Channels for HISP

  14. Introduction HISP OOB Channels Problem definition Proposed methods Security and usability study Conclusion Proposed OOB — Repeated numeric comparison Similar to manual comparison Not subject to security failures Display and button Correct response is 2 n Ronald Kainda, Ivan Flechais, A.W. Roscoe Secure and Usable Out-Of-Band Channels for HISP

  15. Introduction HISP OOB Channels Problem definition Proposed methods Security and usability study Conclusion Summary of usability study results No statistical significance between the two methods in completion times (12.7 and 13.4s mean) (t(55) = .53, p = .598) Ease-of-use: 93% for WMNT, 89% RC Preferences: 57% WMNT, 25%RC Ratings: no statistical significance (Z = -0.275 and p(2-tailed) = .78) 13.4s for RC compared to 16.4s reported by Uzun et al. for compare and confirm 12.7s for WMNT compared to 13s reported by Uzun et al. for copy and enter Both methods ranked higher than compare and confirm and copy and enter Ronald Kainda, Ivan Flechais, A.W. Roscoe Secure and Usable Out-Of-Band Channels for HISP

  16. Introduction HISP OOB Channels Problem definition Proposed methods Security and usability study Conclusion Applications of proposed methods Close/distant devices Input/output constrained devices Group scenarios Larger fingerprints Ronald Kainda, Ivan Flechais, A.W. Roscoe Secure and Usable Out-Of-Band Channels for HISP

  17. Introduction HISP OOB Channels Problem definition Proposed methods Security and usability study Conclusion Conclusion Security and usability should both be embedded in OOB channels OOB methods are either secure or usable. Neither are they scalable word-matching and number-typing and repeated numeric comparison achieve all three Aplicable to a range of scenarios that other methods may not Ronald Kainda, Ivan Flechais, A.W. Roscoe Secure and Usable Out-Of-Band Channels for HISP

  18. Introduction HISP OOB Channels Problem definition Proposed methods Security and usability study Conclusion THANK YOU Ronald Kainda, Ivan Flechais, A.W. Roscoe Secure and Usable Out-Of-Band Channels for HISP

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Secure Mobile Ad-hoc Interactions: Reasoning About Out-Of-Band (OOB) Channels Ronald Kainda, Ivan

Secure Mobile Ad-hoc Interactions: Reasoning About Out-Of-Band (OOB) Channels Ronald Kainda, Ivan

Introduction Framework Application Conclusion Secure Mobile Ad-hoc Interactions: Reasoning About Out-Of-Band (OOB) Channels Ronald Kainda, Ivan Flechais, A.W. Roscoe International Workshop on Security and Privacy in Spontaneous Interaction

539 views • 17 slides
Usability and Security of Out-Of-Band Channels in Secure Device Pairing Protocols Ronald Kainda,

Usability and Security of Out-Of-Band Channels in Secure Device Pairing Protocols Ronald Kainda,

Outline Introduction HISPs Proposed OOB Methods Experimental Design Results Analysis and Discussion Conclusion Usability and Security of Out-Of-Band Channels in Secure Device Pairing Protocols Ronald Kainda, Ivan Flechais, and A.W.

670 views • 41 slides
3 Short review Lecture no: NARROW-BAND CHANNELS WIDE-BAND CHANNELS Radio signals and

3 Short review Lecture no: NARROW-BAND CHANNELS WIDE-BAND CHANNELS Radio signals and

RADIO SYSTEMS ETI 051 Contents 3 Short review Lecture no: NARROW-BAND CHANNELS WIDE-BAND CHANNELS Radio signals and complex Delay (time) dispersion notation Narrow- versus wide-band Large-scale fading channels

558 views • 12 slides
GLOBAL SYSTEM FOR MOBILE COMMUNICATION ARFCNS, CHANNELS ECE 2526 Monday, February 10, 2020 1

GLOBAL SYSTEM FOR MOBILE COMMUNICATION ARFCNS, CHANNELS ECE 2526 Monday, February 10, 2020 1

GLOBAL SYSTEM FOR MOBILE COMMUNICATION ARFCNS, CHANNELS ECE 2526 Monday, February 10, 2020 1 GLOBAL GSM FREQUENCY USAGE 2 EXAMPLE: GSM FREQUENCY ALLOCATION Generally, countries with large land mass would prefer to use dual-band

1.05k views • 25 slides
Payment Channels Designing Secure Watchtowers Zeta Avarikioti ETH Zurich Distributed

Payment Channels Designing Secure Watchtowers Zeta Avarikioti ETH Zurich Distributed

Payment Channels Designing Secure Watchtowers Zeta Avarikioti ETH Zurich Distributed Computing www.disco.ethz.ch Can cryptocurrencies scale? 7 tx/s 20 tx/s 65.000 tx/s Payment Channels Payment Channels Payment Channels Funding

482 views • 37 slides
Secure Mobile Mobile Gambling Gambling Secure RSA Conference 2001 San Francisco,

Secure Mobile Mobile Gambling Gambling Secure RSA Conference 2001 San Francisco,

Secure Mobile Mobile Gambling Gambling Secure RSA Conference 2001 San Francisco, California, April 2001 Markus Jakobsson David Pointcheval David Pointcheval Adam Young Dept dInformatique Lockheed Martin Bell Laboratories Lucent

429 views • 7 slides
T2Pair: Secure and Usable Pairing for Heterogeneous IoT Devices Xiaopeng Li, Qiang Zeng , Lannan

T2Pair: Secure and Usable Pairing for Heterogeneous IoT Devices Xiaopeng Li, Qiang Zeng , Lannan

T2Pair: Secure and Usable Pairing for Heterogeneous IoT Devices Xiaopeng Li, Qiang Zeng , Lannan Luo, Tongbo Luo CCS 2020 IoT Pairing Pairing is supposed to establish a secure communication channel IoT pairing is important for adding

345 views • 21 slides
Building Secure Channels Kenny Paterson Information Security Group

Building Secure Channels Kenny Paterson Information Security Group

Building Secure Channels Kenny Paterson Information Security Group Overview Why do we need secure channels? What properties should they have?

480 views • 31 slides
Secure Scalable CCT Secure Scalable CCTV, Mobile, and W Mobile, and Wearable earable Video F

Secure Scalable CCT Secure Scalable CCTV, Mobile, and W Mobile, and Wearable earable Video F

WSB-2017 17 J January 2 2017 17 Secure Scalable CCT Secure Scalable CCTV, Mobile, and W Mobile, and Wearable earable Video F Video Face R ce Recognition cognition Brian Lo Brian Lovell ll The Univer The Univ ersity of Queensland

784 views • 62 slides
GSM CHANNELS ECE 2526-MOBILE COMMUNICATIONS Tuesday, 19 February 2020 LINKS BETWEEN BTS, BSC

GSM CHANNELS ECE 2526-MOBILE COMMUNICATIONS Tuesday, 19 February 2020 LINKS BETWEEN BTS, BSC

GSM CHANNELS ECE 2526-MOBILE COMMUNICATIONS Tuesday, 19 February 2020 LINKS BETWEEN BTS, BSC & MSC Sector 1 Sector 2 E1 at 2048 Kbps Sector 3 GSM PHYSICAL CHANNELS Physical channels in GSM are as a result of Frequency Division

383 views • 21 slides
Data Security: The art of providing secure communication over insecure channels. Not a problem

Data Security: The art of providing secure communication over insecure channels. Not a problem

Data Security: The art of providing secure communication over insecure channels. Not a problem that suddenly arose when computers were invented - its as old as mankind. Data Security falls naturally into two cathegories: * Confidentiality

542 views • 16 slides
From Intent to Action: Nudging Users Towards Secure Mobile Payments Peter Story , Daniel Smullen,

From Intent to Action: Nudging Users Towards Secure Mobile Payments Peter Story , Daniel Smullen,

From Intent to Action: Nudging Users Towards Secure Mobile Payments Peter Story , Daniel Smullen, Alessandro Acquisti, Lorrie Faith Cranor, Norman Sadeh, Florian Schaub 1 Experts Advice Users Behavior Low adoption of secure mobile

632 views • 19 slides
Making the invisible visible Method Results A theory of security culture for secure and usable

Making the invisible visible Method Results A theory of security culture for secure and usable

Making the invisible visible S. Faily, I. Flchais Introduction Making the invisible visible Method Results A theory of security culture for secure and usable grids Cases What is Security Culture? Guidelines Future work S. Faily I.

692 views • 17 slides
Introduction to Computer Security Session 1.5 Usable Security and Secure Messaging Prof. Nadim

Introduction to Computer Security Session 1.5 Usable Security and Secure Messaging Prof. Nadim

CSCI-UA.9480 Introduction to Computer Security Session 1.5 Usable Security and Secure Messaging Prof. Nadim Kobeissi 1.5a Usable Security: Then and Now 2 CSCI-UA.9480: Introduction to Computer Security Nadim Kobeissi Humans are

1.24k views • 67 slides
Radio/microwave band The electromagnetic spectrum Infra red band Optical band UV band X-ray

Radio/microwave band The electromagnetic spectrum Infra red band Optical band UV band X-ray

The he mul ulti ti-wavele elength ngth mul ulti ti-tempor temporal al sk sky Radio/microwave band The electromagnetic spectrum Infra red band Optical band UV band X-ray band -ray band TeV band Radio/microwave band Infra red

692 views • 42 slides
3 Lecture no: Narrow- and wideband channels Ove Edfors, Department of Electrical and

3 Lecture no: Narrow- and wideband channels Ove Edfors, Department of Electrical and

RADIO SYSTEMS ETIN15 3 Lecture no: Narrow- and wideband channels Ove Edfors, Department of Electrical and Information technology Ove.Edfors@eit.lth.se 2012-03-19 Ove Edfors - ETIN15 1 Contents Short review NARROW-BAND CHANNELS

801 views • 49 slides
CDW CORPORATION Second Quarter 2014 Webcast Conference Call July 31, 2014 www.cdw.com |

CDW CORPORATION Second Quarter 2014 Webcast Conference Call July 31, 2014 www.cdw.com |

CDW CORPORATION Second Quarter 2014 Webcast Conference Call July 31, 2014 www.cdw.com | investor.cdw.com AGENDA 2nd Quarter Results Key Performance Drivers Financial Results Outlook Questions and Answers 2 2 This

465 views • 18 slides
Python Channel Access Bindings Review of a conversation on EPICS tech-talk 4 different

Python Channel Access Bindings Review of a conversation on EPICS tech-talk 4 different

Python Channel Access Bindings Review of a conversation on EPICS tech-talk 4 different interfaces CaPython (FNAL) http://www-d0online.fnal.gov/www/groups/ctl/epics/epics_python.html A faithful reproduction of the low level channel access API.

466 views • 8 slides
Lecture 3.3 CUDA Parallelism Model Color-to-Grayscale Image Processing Example Objective

Lecture 3.3 CUDA Parallelism Model Color-to-Grayscale Image Processing Example Objective

GPU Teaching Kit GPU Teaching Kit Accelerated Computing Lecture 3.3 CUDA Parallelism Model Color-to-Grayscale Image Processing Example Objective To gain deeper understanding of multi-dimensional grid kernel configurations through a

1.18k views • 9 slides
Week 1: Intro, Marks and Channels 6 weeks, Sep 15 - Oct 20 Instructor: Tamara Munzner

Week 1: Intro, Marks and Channels 6 weeks, Sep 15 - Oct 20 Instructor: Tamara Munzner

Whos who Class time Structure Week 1: Intro, Marks and Channels 6 weeks, Sep 15 - Oct 20 Instructor: Tamara Munzner participation 1 3-hr session per week UBC Computer Science attendance and discussion in class,

369 views • 3 slides
Chapter: 16 p 16 LTE Time-Frequency structure Downlink L1/L2 control signaling/processing

Chapter: 16 p 16 LTE Time-Frequency structure Downlink L1/L2 control signaling/processing

3G Evolution Outline Chapter: 16 p 16 LTE Time-Frequency structure Downlink L1/L2 control signaling/processing Donwlink Transmission Donwlink Transmission Downlink transport channel processing Scheme Multi-Antenna

600 views • 12 slides
.NET Remoting Module Subtitle Building distributed applications and implementing

.NET Remoting Module Subtitle Building distributed applications and implementing

.NET Remoting Module Subtitle Building distributed applications and implementing attribute-driven behaviors with Microsoft .NET Contents Section 1: Overview Section 2: Remoting Architecture Section 3: Context and Interception

399 views • 38 slides
Bringing Your Content to the User, not the User to Your Content A lightweight approach towards

Bringing Your Content to the User, not the User to Your Content A lightweight approach towards

Bringing Your Content to the User, not the User to Your Content A lightweight approach towards integrating external content via the EEXCESS framework Martin Hffernig, Werner Bailer JOANNEUM RESEARCH SWIB 2015, Hamburg, 2015-11-23 Outline

1.45k views • 97 slides
Introduction to Constrained Estimation Graham C. Goodwin September 2004 Centre for Complex

Introduction to Constrained Estimation Graham C. Goodwin September 2004 Centre for Complex

Introduction to Constrained Estimation Graham C. Goodwin September 2004 Centre for Complex Dynamic Systems and Control 2.1 Background Constraints are also often present in estimation problems. A classical example of a constrained estimation

778 views • 30 slides

More recommend