115 research outputs found
Shake Well Before Use: Intuitive and Secure Pairing of Mobile Devices
A challenge in facilitating spontaneous mobile interactions is to provide pairing methods that are both intuitive and secure. Simultaneous shaking is proposed as a novel and easy-to-use mechanism for pairing of small mobile devices. The underlying principle is to use common movement as a secret that the involved devices share for mutual authentication. We present two concrete methods, ShaVe and ShaCK, in which sensing and analysis of shaking movement is combined with cryptographic protocols for secure authentication. ShaVe is based on initial key exchange followed by exchange and comparison of sensor data for verification of key authenticity. ShaCK, in contrast, is based on matching features extracted from the sensor data to construct a cryptographic key. The classification algorithms used in our approach are shown to robustly separate simultaneous shaking of two devices from other concurrent movement of a pair of devices, with a false negative rate of under 12 percent. A user study confirms that the method is intuitive and easy to use, as users can shake devices in an arbitrary pattern
Shake well before use: two implementations for implicit context authentication
Secure device pairing is especially di?cult for spontaneous interaction in ubiquitous computing environments because of wireless communication, lack of powerful user interfaces, and scalability issues. We demonstrate a method to address this problem for small, mobile devices that does not require explicit user interfaces like displays or key pads. By shaking devices together in one hand for a few seconds, they are securely paired. Device authentication happens implicitly as part of the pairing process without the need for explicit user interaction �just for security�. Our method has been implemented in two variants: �rst, for high-quality data collection using wired accelerometers; second, using built-in accelerometers in standard Nokia 5500 mobile phones
Using a Spatial Context Authentication Proxy for Establishing Secure Wireless Connections
Spontaneous interaction in wireless ad-hoc networks is often desirable not only between users or devices in direct contact, but also with devices that are accessible only via a wireless network. Secure communication with such devices is difficult because of the required authentication, which is often either password- or certificate-based. An intuitive alternative is context-based authentication, where device authenticity is verified by shared context, and often by direct physical evidence. Devices that are physically separated cannot experience the same context and thus cannot benefit directly from context authentication. We introduce a context authentication proxy that is pre-authenticated with one of the devices and can authenticate with the other by shared context. This concept is applicable to a wide range of application scenarios, context sensing technologies, and trust models. We show its practicality in an implementation for setting up IPSec connections based on spatial reference. Our specific scenario is ad-hoc access of mobile devices to secure 802.11 WLANs using a mobile device as authentication proxy. A user study shows that our method and implementation are intuitive to use and compare favourably to a standard, password-based approach
On the Security of Ultrasound as Out-of-band Channel
Ultrasound has been proposed as out-of-band channel for authentication of peer devices in wireless ad hoc networks. Ultrasound can implicitly contribute to secure communication based on inherent limitations in signal propagation, and can additionally be used explicitly by peers to measure and verify their relative positions. In this paper we analyse potential attacks on an ultrasonic communication channel and peer-to-peer ultrasonic sensing, and investigate how potential attacks translate to application-level threats for peers seeking to establish a secure wireless link. Based on our analysis we propose a novel method for authentic communication of short messages over an ultrasonic channel
Airwriting, a platform for private, mobile, spatial group messaging
Diese Arbeit beschreibt das Projekt Airwriting und seine Software Architektur. Es handelt sich um einen sicheren Nachrichten Service für Mobiltelefone, welcher Nachrichten behandeln kann, die explizit mit speziellen Eigenschaften versehen sind. Mehr als 30 dieser potentiellen Eigenschaften wie der Ort der Nachricht, das Wetter des Ortes als auch der aktuelle Gemütszustand des Empfängers werden präsentiert. Ein Prototyp mit einer ausgewählten Untermenge dieser 30 Eigenschaften wird auf drei unterschiedlichen Plattformen (Android, iPhone, J2ME) vorgestellt. Mehr als 65 ähnliche Projekte werden kurz evaluiert und mit dem Projekt Airwriting verglichen. Die Ergebnisse einer Benutzerstudie mit 20 Benutzern werden dargelegt und zusammengefasst.This thesis describes the project Airwriting and its software architecture. It is a private and mobile messaging service for managing text messages which are explicitly provided with specific attributes.More than 30 potential attributes are presented such as location of the message, the weather of the location and the current mood of the receiver of messages. A prototyp with a selected subset of these attributes is presented on three different mobile platforms (Android, iPhone, J2ME). More than 65 similar projects are shortly evaluated and compared to Airwriting. The results of a usability study with 20 users are discussed and summarize
A Context Authentication Proxy for IPSec Using Spatial Reference
Spontaneous interaction in ad-hoc networks is often desirable not only between users or devices in direct contact, but also with devices that are accessible only via a wireless network. Secure communication with such devices is di#cult because of the required authentication, which is often either password- or certificate-based. An intuitive alternative is context-based authentication, where device authenticity is verified by shared context, and often by direct physical evidence. Devices that are physically separated can not experience the same context and can thus not benefit directly from context authentication. We introduce a context authentication proxy that is pre-authenticated with one of the devices and can authenticate with the other by shared context. This concept is applicable to a wide range of application scenarios, context sensing technologies, and trust models. We show its practicality in an implementation for setting up IPSec connections based on spatial reference. Our specific scenario is ad-hoc access of mobile devices to secure 802.11 WLANs using a PDA as authentication proxy
Eine Architektur zur Kontextvorhersage
So genannte “kontextsensitive Systeme” haben zum Ziel, die eingesetzten Computersysteme automatisch an die aktuellen Situationen anzupassen und damit bessere Interaktion mit der Umgebung zu ermöglichen. Diese Arbeit befasst sich mit dem nächsten logischen Schritt nach der Erkennung des jeweils aktuellen Kontextes, nämlich der Vorhersage zukünftiger Kontexte. Zu diesem Zweck wurde eine mehrschrittige Software-Architektur entwickelt, welche aus den Daten mehrerer einfacher Sensoren die aktuellen und zukünftig erwarteten Kontexte gewinnt. Die entwickelte Architektur wurde bereits in Form eines flexiblen Software-Frameworks umgesetzt und mit aufgezeichneten Daten aus alltäglichen Situationen evaluiert. Diese Betrachtung zeigt, dass die Vorhersage abstrakter Kontexte in Grenzen bereits möglich ist, jedoch noch Raum für Verbesserungen der Vorhersagequalität in zukünftigen Arbeiten offen bleibt
When Users Cannot Verify Digital Signatures: On the Difficulties of Securing Mobile Devices
A New Approach to Fast Simulation of Spiking . . .
... – sie stellen den direkten Nachfolger der Künstlichen Neuronalen Netzwerke dar. Obwohl die Eigenschaften dieses neuen Typs Neuronaler Netzwerke derzeit nur in begrenztem Maße bekannt sind, ist er dennoch eindeutig leistungsfähiger als sein Vorgänger; außer der möglichen Simulation Künstlicher Neuronaler Netzwerke in Echtzeit können neue, zuvor unbekannte Berechnungselemente in der Modellierung verwendet werden. Allerdings erfordern aktuelle Implementierung zur Simulation Spikender Neuronaler Netzwerke bisher den Einsatz kontinuierlicher Simulationstechniken, durch die Skalierbarkeit auf große Netzwerke mit vielen Neuronen erschweren. Diese Diplomarbeit führt ein neues Modell für Spikende Neuronale Netzwerke ein, welches die Anwendung von schneller, diskreter ereignisbasierter Simulation erlaubt; dadurch entstehen möglicherweise enorme Vorteile in Flexibilität und Skalierbarkeit, ohne die qualitative Berechnungsleistung zu mindern. Das neue Modell wurde außerdem in einem Plattform-unabhängigen, in Java geschriebenen Prototyp-Simulationsframework implementiert. Durch die ausschließliche Verwendung diskreter ereignisbasierter Simulation beweist das Framework die Funktionsfähigkeit de
The candidate key protocol for generating secret shared keys from similar sensor data streams
Abstract. Secure communication over wireless channels necessitates authentication of communication partners to prevent man-in-the-middle attacks. For spontaneous interaction between independent, mobile devices, no a priori information is available for authentication purposes. However,traditionalapproachesbasedonmanualpasswordinputorverificationofkeyfingerprintsdonotscaletotenstohundredsofinteractions a day, as envisioned by future ubiquitous computing environments. One possibility to solve this problem is authentication based on similar sensor data: when two (or multiple) devices are in the same situation, and thus experience the same sensor readings, this constitutes shared, (weakly) secret information. This paper introduces the Candidate Key Protocol (CKP) to interactively generate secret shared keys from similar sensor data streams. It is suitable for two-party and multi-party authentication, and supports opportunistic authentication.
- …
