ETH Zurich : Computer Science : Pervasive Computing : Distributed Systems : Education : Student Projects : Abstract

Implementation and Evaluation of a Secure Device Pairing Protocol (M)

Status: Abgeschlossen

In a world full of ambient intelligence and smart services, the secure pairing of two devices is of prime importance: without being able to authenticate whom our smart phone is transmitting its access keys or credit card information to, no real security is possible. While a number of proposals have recently emerged in the literature, it is unclear whether these approaches are not only cryptographically secure, but also usable. After all, if using these methods is cumbersome or complicated, people will not bother with them, as the many unsecured wireless networks aptly demonstrate.

The goal of this thesis is to extend the OpenUAT toolkit (https://www.openuat.org) to implement a particular device authentication protocol, the Button-Enabled Device Pairing (BEDA) protocol. BEDA protocols can accommodate pairing scenarios where one (or even both) devices only have a single button as their user interface. The usability of this device pairing protocols should be examined and compared to, e.g., implementations that use visual, audio channels or shaking as auxiliary physically authenticatable channels. Questions that should be answered in the evaluation might be: How easy is it to use the system for securely associating two devices? Which parameters offer the best balance between ease-of-use and security requirements? How susceptible is the protocol to social engineering attacks?