usability analysis of secure pairing methods
play

Usability Analysis of Secure Pairing Methods 12 , 3 , 23 Ersin - PowerPoint PPT Presentation

Aug 29, 2023 •215 likes •533 views

Usability Analysis of Secure Pairing Methods 12 , 3 , 23 Ersin Uzun Kristiina Karvonen N. Asokan 1 University Of California, Irvine 2 Nokia Research Center 3 Helsinki University of Technology Outline What is secure pairing and why is it

  1. Usability Analysis of Secure Pairing Methods 12 , 3 , 23 Ersin Uzun Kristiina Karvonen N. Asokan 1 University Of California, Irvine 2 Nokia Research Center 3 Helsinki University of Technology

  2. Outline � What is secure pairing and why is it hard to secure? � Current methods and ongoing efforts � Usability study of different human mediated pairing methods. � Conclusions and guidelines � Discussion points � Future work. (Uzun et al. USEC'07)

  3. Secure pairing of personal devices � Pairing : setting up the communication and security contexts for subsequent communication. E.g., � Pairing a Bluetooth phone and headset � Enrolling a Phone or PC in the home WLAN � More instances to come: Wireless USB, WiMedia � Problem : Secure pairing for personal devices � No prior context (no PKI, key servers etc.) � Ordinary non-expert users � Cost-sensitive commodity devices (Uzun et al. USEC'07)

  4. Current mechanisms are not intuitive SSID? WPA? Passcode! ... and not very secure! (Uzun et al. USEC'07)

  5. Naïve usability measures damage security (Uzun et al. USEC'07)

  6. Naïve security measures damage usability � Bluetooth pairing was designed with moderate security in mind � Car kits allow a car phone to retrieve and use session keys from a mobile phone smartcard � Car kit requires higher level of security users have to enter 16- � character passcodes More secure = Harder to use? (Uzun et al. USEC'07)

  7. Wanted: Secure, intuitive, inexpensive techniques for device pairing � Two (initial) problems to solve � Discovery: finding the other device � Authenticated key agreement : setting up keys for subsequent communication � Assumption: Peer devices are physically identifiable � Idea: Use a secure channel to transport security-critical information � Human user or auxiliary secure channel (Uzun et al. USEC'07)

  8. User-mediated mechanisms for key establishment Key establishment P1: OOB Key agreement credential transfer Asymmetric crypto Symmetric crypto only P2: Unauthenticated Authenticated P9: Unauthenticated P10: Authenticated Authentication by P8: Hybrid Authentication by integrity checking One-way OOB (short) shared secret P3: OOB exchange (Short) integrity of key commitments checksum P4: User-assisted P5: OOB transfer P6: User-assisted P7: OOB transfer Suomalainen, Valkonen, Asokan [NRC-TR-2007-004] (Uzun et al. USEC'07)

  9. Current Standardization Activities � WiFi � WiFi Protected Setup (P1, P2, P3, P6, P8), Jan 2007 Announcement: http://www.wi-fi.org/news/pressrelease-081606- � WiFiProtectedSetup/ � Windows Connect Now (P1, P6) Specifications: http://download.microsoft.com/download/a/f/7/af7777e5- � 7dcd-4800-8a0a-b18336565f5b/WCN-Netspec.doc similar to WiFi Protected Setup � � Bluetooth Secure Simple Pairing, Feb 2007 White paper: http://bluetooth.com/NR/rdonlyres/0A0B3F36-D15F-4470- � 85A6-F2CCFA26F70F/0/SimplePairing_WP_V10r00.pdf � Wireless USB Association Models Supplement, 2006 http://www.usb.org/developers/wusb/wusb_2006_0302.zip (P1, P4) � � Others are in the works (Uzun et al. USEC'07)

  10. “User as the secure channel” cases only � Using a short secret Passkey (P6) � Comparing short non-secret check codes (P4) � Using a short key/code should not hamper long term security � Standard security against offline attacks � Good enough security against man-in-the-middle (Uzun et al. USEC'07)

  11. Authentication using secret short passkeys Executed once P P Choose long random R A Choose long random R B key agreement: exchange PK A , PK B h A ← h(A, PK A |PK’ B , Pi, R A ) h B ← h(B, PK’ A |PK B , Pi, R B ) h A A B h B R A h’ A ≟ h(A, PK’ A |PK B , Pi, R’ A ) R B h’ B ≟ h(B, PK A |PK’ B , Pi, R’ B ) One-time passkey P is split into i parts ( i > 1): next 4-round exchange repeated i times h() is a hiding commitment; in practice SHA-256 Up to 2 -(k-1) (unconditional) security against man-in-the-middle (k is the length of P ) Generalized version of MANAIII by Gehrmann, Nyberg, Mitchell [RSA Cryptobytes 2004] (Uzun et al. USEC'07)

  12. Authentication using non-secret short check codes key agreement: exchange PK A , PK B Choose long random R A Choose long random R B h A ← h(A, R A ) h A R B h’ A ≟ h(A, R’ A ) R A A B Abort on mismatch v B ← H(A, B,PK’ A |PK B , R’ A , R B ) v A ← H(A, B,PK A |PK’ B , R A , R’ B ) v A v B ok/not ok ok/not ok User approves acceptance if v A and v B match h() is a hiding commitment; in practice SHA-256 H () is a mixing function; in practice SHA-256 output truncated to 4 digits MANA IV by Laur, Asokan, Nyberg [IACR ePrint 2005] Laur, Nyberg [CANS 2006] (Uzun et al. USEC'07)

  13. We conducted usability tests � Objectives: Study pairing proposals in emerging standards and � identify possible user-interaction methods � evaluate the methods by comparing them and � find implementation strategies that maximize their usability and security (Uzun et al. USEC'07)

  14. Who Tested the protocols (1/2) � Two groups of forty people with the following main demographics. Sex Distribution Highest Grade Completed Age High 40+ 35-39 School 18-24 3% Doctorate Bachelor 30-34 Female 10% 30% 40% Male 60% Masters 57% 25-29 Highest Grade Completed Sex Distribution Age 40+ N/A 18-24 Other Female High School 5% 35-39 8% 24% 30% Doctorate 15% 30-34 Male Bachelor 70% Masters 23% 25% 25-29 (Uzun et al. USEC'07)

  15. Who Tested the protocols (2/2) � Background of the test participants � On average, spending 7 hr/day in front of a computer. � All are mobile phone or PDA users. � 60% have a mobile device with Bluetooth, WI-FI, Infra- red capability. � 35% use Bluetooth, infrared or WI-FI regularly � Half of who doesn’t have Bluetooth or WI-FI in their device are planning to buy a new one in 6 months. � Well educated and technology-aware user group! (Uzun et al. USEC'07)

  16. Tested user interaction methods � Each pairing method admits different user interaction methods � Comparing short non-secret check codes � Compare-and-Confirm � Select-and-Confirm � Copy-and-Confirm � Using a short secret Passkey � Copy � Choose-and-Enter (Uzun et al. USEC'07)

  17. Choose-and-Enter (1/2) User chooses number as passkey and types it into the both devices. (Like � in current Bluetooth pairing in many phones) Method: Specifically asked for a hard to guess 4-digit passkey � Short secret passkey (Uzun et al. USEC'07)

  18. Choose-and-Enter (2/2) � Results � Participants considered it professional, and they liked it. � 15% percent explicitly complained about the hardness of coming up with a random number. � Took about 32 seconds on average. Longest among tested. � 42.5% used very predictable repeating or in-sequence numbers. More severely, they all admitted reading the warning! � Provided Worst security among the tested. � This method is clearly out of picture for achieving usable security. Short secret passkey (Uzun et al. USEC'07)

  19. Copy-and-Confirm (1/2) One device shows a number and asks user to type it into the second � device. User confirms on the first device after seeing success on the second. Method: first device shows a 4-digit number and a yes/no confirmation question � Short non-secret checksum (Uzun et al. USEC'07)

  20. Copy-and-Confirm (2/2) � Results � Users didn’t like two phase structure (copying first and confirming next) � Took around 27 seconds. � 10% didn’t wait for success indication before confirming on the first device. � Better to use Copy without confirmation phase although Copy requires the passkey to be kept secret. Short non-secret checksum (Uzun et al. USEC'07)

  21. Select & Confirm (1/2) � One device shows a number and the other device shows a set of numbers. User selects the matching value and confirms on the first device after seeing success indication. � Method 1: 4-Digit number, 4 item selection list � Results 7.5% error on choosing the correct value. � 12.5% confirmation without seeing the success indication. � Short non-secret checksum (Uzun et al. USEC'07)

  22. Select & Confirm (2/2) Method 2: 6-digit number, 4 item selection list, improved UI. � Results � Despite GUI improvements, still 5% didn’t wait for the success indication. � 2.5% error on choosing the correct value. � Users find it fun to use but two-phase interaction is still confusing for some users � Short non-secret checksum (Uzun et al. USEC'07)

  23. Compare-and-Confirm (1/2) Each device shows a number and asks user to compare shown values. � Method 1: 4-digit numbers; straight-forward implementation of YES/NO � question. Results � Takes around 15 seconds. � 85% found it easiest but only 10% found it professional! � 20% pressed “yes” on non-matching values without reading instructions! � Short non-secret checksum (Uzun et al. USEC'07)

  24. Compare-and-Confirm (2/2) Method 2 � 6-digits � Different question, uncommon answers (same/different). � Putting the negative answer as default key action. � Results � Takes around 17 seconds � 100% security achieved, nobody said “same” on non-matching values. � 2.5% erroneously cancelled the connection (still on the safe side!) � Short non-secret checksum (Uzun et al. USEC'07)

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Usability and Security of Out-Of-Band Channels in Secure Device Pairing Protocols Ronald Kainda,

Usability and Security of Out-Of-Band Channels in Secure Device Pairing Protocols Ronald Kainda,

Outline Introduction HISPs Proposed OOB Methods Experimental Design Results Analysis and Discussion Conclusion Usability and Security of Out-Of-Band Channels in Secure Device Pairing Protocols Ronald Kainda, Ivan Flechais, and A.W.

670 views • 41 slides
Secure Device Pairing What is device pairing? What is

Secure Device Pairing What is device pairing? What is

Secure Device Pairing What is device pairing? What is device pairing? What is the problem? The wireless communica8on channel is rela8vely easy to

298 views • 9 slides
T2Pair: Secure and Usable Pairing for Heterogeneous IoT Devices Xiaopeng Li, Qiang Zeng , Lannan

T2Pair: Secure and Usable Pairing for Heterogeneous IoT Devices Xiaopeng Li, Qiang Zeng , Lannan

T2Pair: Secure and Usable Pairing for Heterogeneous IoT Devices Xiaopeng Li, Qiang Zeng , Lannan Luo, Tongbo Luo CCS 2020 IoT Pairing Pairing is supposed to establish a secure communication channel IoT pairing is important for adding

345 views • 21 slides
Secure Pairing Getting from nothing to something Johannes Gilger

Secure Pairing Getting from nothing to something Johannes Gilger

Secure Pairing Getting from nothing to something Johannes Gilger <Gilger@UMIC.RWTH-Aachen.de> RWTH Aachen University Smart Object Security Workshop, 23 March 2012 Introduction Definition / Terminology Secure Pairing:

711 views • 4 slides
Pairing Pairing is the process by which we condition ourselves, the teaching materials, and

Pairing Pairing is the process by which we condition ourselves, the teaching materials, and

Pairing & Manding Vincent J. Carbone Ed.D., BCBA-D NYS Licensed Behavior Analyst Carbone Clinic New York Boston Dubai www.CarboneClinic.com www.TheCarboneclinic.ae IESCUM Parma, Italy December 1,2 & 3, 2016 1 Pairing

622 views • 35 slides
Usability Engineering Secure Software Last Revised: October 28, 2020 SWEN-331: Engineering

Usability Engineering Secure Software Last Revised: October 28, 2020 SWEN-331: Engineering

Usability Engineering Secure Software Last Revised: October 28, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Quote: Taher El-Gamal, Inventor of SSL Security professionals always struggle with the general public because

753 views • 30 slides
DESIGN & ANALYSIS METHODS DESIGN & ANALYSIS METHODS FOR DESIGN & ANALYSIS METHODS

DESIGN & ANALYSIS METHODS DESIGN & ANALYSIS METHODS FOR DESIGN & ANALYSIS METHODS

SNAME Philadelphia Section Meeting May 2013 y USA (originally presented at MTU Naval Symposium, September 2011, GERMANY) DESIGN & ANALYSIS METHODS DESIGN & ANALYSIS METHODS FOR DESIGN & ANALYSIS METHODS DESIGN & ANALYSIS

1.11k views • 80 slides
AdHocPairing Spontaneous audio based secure device pairing for Android mobile devices Stephan

AdHocPairing Spontaneous audio based secure device pairing for Android mobile devices Stephan

Information Systems Architecture Science Research Division AdHocPairing Spontaneous audio based secure device pairing for Android mobile devices Stephan Sigg, Ngu Nguyen, An Huynh and Yusheng Ji iwssi 2012, 18.06.2012, Newcastle Motivation

349 views • 12 slides
Security and Usability: Analysis and Evaluation Ronald Kainda, Ivan Flechais, and A.W. Roscoe

Security and Usability: Analysis and Evaluation Ronald Kainda, Ivan Flechais, and A.W. Roscoe

Introduction Security-usability threat model Security and usability evaluation Summary Security and Usability: Analysis and Evaluation Ronald Kainda, Ivan Flechais, and A.W. Roscoe Oxford University Computing Laboratory Availability,

829 views • 23 slides
Beyond the Pile of Knobs: Usability and Design for Privacy, Security, Safety & Consent

Beyond the Pile of Knobs: Usability and Design for Privacy, Security, Safety & Consent

Beyond the Pile of Knobs: Usability and Design for Privacy, Security, Safety & Consent Georgia Bullen // @georgiamoon Executive Director Simply Secure FOSDEM // 2 February 2020 Everyone deserves technology they can trust. Simply Secure

437 views • 28 slides
Rigorous Evaluation Analysis and Reporting Structure is from A Practical Guide to Usability

Rigorous Evaluation Analysis and Reporting Structure is from A Practical Guide to Usability

Rigorous Evaluation Analysis and Reporting Structure is from A Practical Guide to Usability Testing by J. Dumas, J. Redish Results from Usability Tests Quantitative data: Performance data - times, error rates, etc. Subjective

392 views • 26 slides
Human-Computer Interaction Termin 8: Statistical analysis Model-based usability evaluation 1

Human-Computer Interaction Termin 8: Statistical analysis Model-based usability evaluation 1

Human-Computer Interaction Termin 8: Statistical analysis Model-based usability evaluation 1 MMI/SS06 Evaluation W hy ? Need Usability and Efficiency What ? Usability c riteri a W here ? F i eld stud y or lab experiment W ho ?

683 views • 32 slides
Secure and Usable Out-Of-Band Channels for Ad hoc Mobile Device Interactions Ronald Kainda, Ivan

Secure and Usable Out-Of-Band Channels for Ad hoc Mobile Device Interactions Ronald Kainda, Ivan

Introduction HISP OOB Channels Problem definition Proposed methods Security and usability study Conclusion Secure and Usable Out-Of-Band Channels for Ad hoc Mobile Device Interactions Ronald Kainda, Ivan Flechais, A.W. Roscoe Workshop in

650 views • 18 slides
How MPC Enables Secure Public Cloud Usability Avi Rose, vHSM Business Development - Europe

How MPC Enables Secure Public Cloud Usability Avi Rose, vHSM Business Development - Europe

How MPC Enables Secure Public Cloud Usability Avi Rose, vHSM Business Development - Europe November 2018 The Perimeter is Dead 2 Keys: The Foundation of the Foundation The foundation of any security model is the crypto layer. *

571 views • 19 slides
Part 5 Usability and Security Cognitive Errors, Usability vs. Security, Groupware Antonio Cerone

Part 5 Usability and Security Cognitive Errors, Usability vs. Security, Groupware Antonio Cerone

Phd course on Formal modelling and analysis of interactive systems Part 5 Usability and Security Cognitive Errors, Usability vs. Security, Groupware Antonio Cerone United Nations University International Institute for Software Technology

1.76k views • 109 slides
Pairing-Based Cryptography & Generic Groups Lecture 21 Bilinear Pairing Bilinear Pairing

Pairing-Based Cryptography & Generic Groups Lecture 21 Bilinear Pairing Bilinear Pairing

Pairing-Based Cryptography & Generic Groups Lecture 21 Bilinear Pairing Bilinear Pairing Two (or three) groups with an efficient pairing operation, e: G x G G T that is bilinear Bilinear Pairing Two (or three) groups with an

1.67k views • 118 slides
Lab 2: Connecting and Sending Data Marco Zennaro and Antoine Bagula ICTP and UWC Italy and

Lab 2: Connecting and Sending Data Marco Zennaro and Antoine Bagula ICTP and UWC Italy and

Lab 2: Connecting and Sending Data Marco Zennaro and Antoine Bagula ICTP and UWC Italy and South Africa Goals of this Lab Learn how to connect to the Internet via WiFi Excercises about: scanning available WiFi networks

277 views • 24 slides
Security of Wireless Protocols Mati Vait December 15, 2010 1 / 21 Security of Wireless

Security of Wireless Protocols Mati Vait December 15, 2010 1 / 21 Security of Wireless

Security of Wireless Protocols Mati Vait December 15, 2010 1 / 21 Security of Wireless Protocols Contents WPA and WPA2? Common parts in WPA & WPA2 WPA Encryption and Decryption WPA2 Encryption and Decryption Attacks on WPA Attacks on

235 views • 21 slides
Modern Configuration API for Wireless Networking John W. Linville Linux Plumbers Conference

Modern Configuration API for Wireless Networking John W. Linville Linux Plumbers Conference

Introduction Configuration Participation Conclusion Modern Configuration API for Wireless Networking John W. Linville Linux Plumbers Conference 23 September 2009 John W. Linville cfg80211 Introduction Configuration Who am I?

163 views • 12 slides
Final Exam Review CS461/ECE422 Fall 2009 Exam guidelines A single page of supplementary notes

Final Exam Review CS461/ECE422 Fall 2009 Exam guidelines A single page of supplementary notes

Final Exam Review CS461/ECE422 Fall 2009 Exam guidelines A single page of supplementary notes is allowed Closed book No calculator Students should show work on the exam. They can use supplementary sheets of paper if they run out

505 views • 13 slides
New concepts emerging from a linear response theory for nonequilibrium Marco Baiesi Physics

New concepts emerging from a linear response theory for nonequilibrium Marco Baiesi Physics

New concepts emerging from a linear response theory for nonequilibrium Marco Baiesi Physics and Astronomy Department Galileo Galilei, University of Padova, and INFN in co lm aboration with Christian Maes, Urna Basu,

654 views • 28 slides
Inelastic neutron scattering cross- section measurements on 7 Li and 63,65 Cu Markus Nyman

Inelastic neutron scattering cross- section measurements on 7 Li and 63,65 Cu Markus Nyman

Inelastic neutron scattering cross- section measurements on 7 Li and 63,65 Cu Markus Nyman ICTP2017, Trieste, October 2-13, 2017 Joint Research Centre the European Commission's in-house science service The GELINA facility G eel E lectron

409 views • 11 slides
Thinking beyond Entropy Christian Maes Instituut voor Theoretische Fysica, KU Leuven - Belgium

Thinking beyond Entropy Christian Maes Instituut voor Theoretische Fysica, KU Leuven - Belgium

Thinking beyond Entropy Christian Maes Instituut voor Theoretische Fysica, KU Leuven - Belgium YIPQS Symposium - Kyoto, February 6, 2012 1 There are many entropies : Clausius, Boltzmann, Gibbs, Shannon, von Neumann, R enyi,...,

1.01k views • 63 slides
Nonequilibrium variational principles Nonequilibrium variational principles from dynamical

Nonequilibrium variational principles Nonequilibrium variational principles from dynamical

Nonequilibrium variational principles Nonequilibrium variational principles from dynamical fluctuations from dynamical fluctuations Karel Neto n Institute of Physics AS CR MRC, Warwick University, 18 May 2010 To be discussed Min- and

498 views • 39 slides

More recommend