The popularity of personal gadgets opens up many new services for ordinary users. Many everyday usage scenarios involve two or more devices "working together". (Emerging scenarios are beginning to involve sensors and personal RFID tags.) Before working together, devices must be securely "paired" to enable secure and private communication.
However, the human-imperceptible nature of wireless communication prompts the very real threat of Man-in-the-Middle (MiTM) attacks. Another challenge arises due to the lack of a global security infrastructure. Consequently, traditional cryptographic means alone are unsuitable, since unfamiliar devices have no prior security context and no common point of trust. Therefore, some human involvement in secure device pairing is unavoidable. At the same time, most devices have limited hardware and/or user interfaces, thus complicating human involvement.
This project's goals are three-fold: (1) design a set of pairing methods suitable for most common devices and a general user population, based on comprehensive and comparative usability studies, (2) develop secure pairing techniques for personal RFID tags, and (3) construct a set of user-friendly, scalable and secure methods for sensor initialization.
Benefits of this project will include accumulation of valuable expertise in designing truly usable security methods. Notably, the project expects to experimentally assess the value of usable security with respect to the general population. Furthermore, the need for, and the utility of, user-centric secure control of personal RFID tags and sensors will be demonstrated. Since device pairing is one of the very few areas where security directly involves and affects the average user, the greatest impact of the proposed research is expected to be broader participation in security practices and better appreciation of security and its benefits. The project also emphasizes industry outreach and technology transfer by working with manufacturers and industrial consortia.
In addition, students taking part in the project are expected to acquire currently uncommon skills at the cusp of Human-Computer Interaction, Usability and Cyber Trust.