Serial hook-ups: A comparative usability study of secure device pairing methods

Alfred Kobsa, Rahim Sonawalla, Gene Tsudik, Ersin Uzun, Yang Wang

Research output: Chapter in Book/Report/Conference proceedingConference contribution

44 Scopus citations

Abstract

Secure Device Pairing is the bootstrapping of secure communication between two previously unassociated devices over a wireless channel. The human-imperceptible nature of wireless communication, lack of any prior security context, and absence of a common trust infrastructure open the door for Man-in-the-Middle (aka Evil Twin) attacks. A number of methods have been proposed to mitigate these attacks, each requiring user assistance in authenticating information exchanged over the wireless channel via some human-perceptible auxiliary channels, e.g., visual, acoustic or tactile. In this paper, we present results of the first comprehensive and comparative study of eleven notable secure device pairing methods. Usability measures include: task performance times, ratings on System Usability Scale (SUS), task completion rates, and perceived security. Study subjects were controlled for age, gender and prior experience with device pairing. We present overall results and identify problematic methods for certain classes of users as well as methods best-suited for various device configurations.

Original languageEnglish (US)
Title of host publicationSOUPS 2009 - Proceedings of the 5th Symposium On Usable Privacy and Security
DOIs
StatePublished - Nov 10 2009
Event5th Symposium On Usable Privacy and Security, SOUPS 2009 - Mountain View, CA, United States
Duration: Jul 15 2009Jul 17 2009

Publication series

NameSOUPS 2009 - Proceedings of the 5th Symposium On Usable Privacy and Security

Other

Other5th Symposium On Usable Privacy and Security, SOUPS 2009
CountryUnited States
CityMountain View, CA
Period7/15/097/17/09

ASJC Scopus subject areas

  • Human-Computer Interaction
  • Software

Fingerprint Dive into the research topics of 'Serial hook-ups: A comparative usability study of secure device pairing methods'. Together they form a unique fingerprint.

Cite this