Secure and Usable Out-Of-Band Channels for Ad hoc Mobile Device - PowerPoint PPT Presentation


  1. Secure and Usable Out-Of-Band Channels for Ad hoc Mobile Device Interactions
     - Ronald Kainda, Ivan Flechais, A.W. Roscoe
     - Workshop in Information Security Theory and Practices (WISTP), University of Passau, Germany, 14 April, 2010
     - Section navigation (repeated on every slide): Introduction, HISP, OOB Channels, Problem definition, Proposed methods, Security and usability study, Conclusion
     - Footer (repeated on every slide): Ronald Kainda, Ivan Flechais, A.W. Roscoe, Secure and Usable Out-Of-Band Channels for HISP

  2. Outline
     - 1 Introduction
     - 2 HISP
     - 3 OOB Channels
     - 4 Problem definition
     - 5 Proposed methods
     - 6 Security and usability study
     - 7 Conclusion

  3. Ad hoc mobile device interactions

  4. Human-Interactive Security Protocols (HISP)
     - Figure labels: OOB, N

  5. Human-Interactive Security Protocols (HISP)
     1. $\forall A \rightarrow_{N} \forall A' : A, \mathrm{INFO}_A, \mathrm{longhash}(A, k_A)$
     2. $\forall A \rightarrow_{N} \forall A' : k_A$
     3. $\forall A \rightarrow_{OOB} \forall A'$ : users compare $\mathrm{Digest}(k^*, \mathrm{INFOs})$
     where $k^*$ is the XOR of all the $k_A$'s for $A \in G$ (Roscoe et al. 2007)
     - Security is $2^b$
     - Increasing $b$ costs usability

  6. Existing OOB methods: Manual comparison
     - Devices generate fingerprints
     - Fingerprints displayed in appropriate format
     - Users compare fingerprints and indicate on the device a match or lack of it
     - Devices require display and some form of input method
     - Security failures

  7. Existing OOB methods: Manual copying and entering
     - [Figure: Bluetooth]
     - One device displays a fingerprint
     - User copies and types the fingerprint into one or more devices
     - Requires display and keypad
     - Efficiency of entry depends on affordances of devices involved
     - Scalability, usability

  8. Existing OOB methods: Auxiliary devices
     - [Figure: 2D-Barcode]
     - Rely on secondary devices to transfer/compare information
     - Proposed devices include
       - camera phone
       - external storage devices
       - data cable
       - etc
     - May require users to carry extra hardware
     - Uniform interfaces, usability

  9. Existing OOB methods: Timing methods
     - Rely on specialised hardware
     - Proposed devices include
       - Shaking devices
       - Pressing buttons
     - Scalability, usability

  10. Existing OOB methods: Short range directed channels
     - Rely on wireless transmission technologies
     - Proposed methods include
       - Infra-red
       - Light
     - May require specialised hardware
     - Security, scalability

  11. Problems with current OOB Channels
     - Context specific
     - Requirement for specialised hardware
     - Security and usability
     - Security, usability, scalability

  12. Proposed OOB: Word-matching and number-typing
     - Locally stored dictionary
       - proposed two 1024 word dictionaries
       - Phonetically distant
       - less than 40kb file
     - Display and button
     - Scalable, usable, secure

  13. Proposed OOB: Word-matching and number-typing
     - Potential problems
       - Prediction failures
       - Word collisions
       - Similar sounding words
     - Scalable, usable, secure

  14. Proposed OOB: Repeated numeric comparison
     - Similar to manual comparison
     - Not subject to security failures
     - Display and button
     - Correct response is 2 n

  15. Summary of usability study results
     - No statistical significance between the two methods in completion times (12.7 and 13.4s mean) (t(55) = .53, p = .598)
     - Ease-of-use: 93% for WMNT, 89% RC
     - Preferences: 57% WMNT, 25% RC
     - Ratings: no statistical significance (Z = -0.275 and p(2-tailed) = .78)
     - 13.4s for RC compared to 16.4s reported by Uzun et al. for compare and confirm
     - 12.7s for WMNT compared to 13s reported by Uzun et al. for copy and enter
     - Both methods ranked higher than compare and confirm and copy and enter

  16. Applications of proposed methods
     - Close/distant devices
     - Input/output constrained devices
     - Group scenarios
     - Larger fingerprints

  17. Conclusion
     - Security and usability should both be embedded in OOB channels
     - OOB methods are either secure or usable, and they are not scalable
     - Word-matching and number-typing and repeated numeric comparison achieve all three
     - Applicable to a range of scenarios that other methods may not

  18. THANK YOU
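
The three-message group protocol on slide 5, simulated as an added example that is not part of the original slides. Assumptions: SHA-256 stands in for longhash, HMAC-SHA256 truncated to b bits stands in for Digest, b is taken to be the number of digest bits the users compare, and the function names and the `swap_info`/`swap_key` tampering hooks are hypothetical.

```python
import hashlib, hmac, secrets
from functools import reduce

def longhash(name, key):
    # Assumption: SHA-256 stands in for the slide's longhash(A, k_A).
    return hashlib.sha256(name.encode() + b"\x00" + key).digest()

def digest(k_star, infos, b):
    # Assumption: HMAC-SHA256 truncated to b bits stands in for Digest(k*, INFOs).
    data = b"".join(len(i).to_bytes(4, "big") + i for i in infos)
    mac = hmac.new(k_star, data, hashlib.sha256).digest()
    return int.from_bytes(mac, "big") >> (256 - b)

def xor_all(keys):
    return reduce(lambda x, y: bytes(p ^ q for p, q in zip(x, y)), keys)

def run_hisp(infos, b=16, swap_info=None, swap_key=None):
    """infos: {device name: INFO bytes}. Returns {device: digest value it displays}.
    swap_info=(receiver, sender, fake) models tampering on N in message 1;
    swap_key=(receiver, sender, fake) models tampering on N in message 2."""
    names = sorted(infos)
    keys = {a: secrets.token_bytes(32) for a in names}  # fresh k_A per run
    shown = {}
    for rx in names:
        # Message 1 over N: A, INFO_A, longhash(A, k_A), as received by rx
        view = {a: (infos[a], longhash(a, keys[a])) for a in names}
        if swap_info and swap_info[0] == rx:
            view[swap_info[1]] = (swap_info[2], view[swap_info[1]][1])
        # Message 2 over N: k_A, checked against the earlier commitment
        got = dict(keys)
        if swap_key and swap_key[0] == rx:
            got[swap_key[1]] = swap_key[2]
        for a in names:
            if not hmac.compare_digest(longhash(a, got[a]), view[a][1]):
                raise ValueError(f"{rx}: key from {a} does not match commitment")
        # Message 3 over OOB: the value the user of rx compares with the others
        k_star = xor_all([got[a] for a in names])
        shown[rx] = digest(k_star, [view[a][0] for a in names], b)
    return shown

def users_accept(shown):
    # The human step: every device must display the same digest.
    return len(set(shown.values())) == 1

if __name__ == "__main__":
    group = {"alice": b"pk-alice", "bob": b"pk-bob", "carol": b"pk-carol"}  # constructed
    print(users_accept(run_hisp(group)))
    print(users_accept(run_hisp(group, swap_info=("bob", "alice", b"pk-mallory"))))
```

A substituted INFO passes the commitment check, because the commitment covers only the name and key, and is caught only when the users compare digests; a substituted key is rejected by the device before any digest is shown.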
