Abstract
This article presents a new method for pairing devices securely. The commitment-based authentication uses a fuzzy secret that the devices only know approximately. Its novel feature is time-based opening of commitments in a single round. We also introduce a new source for the fuzzy secret: synchronized drawing with two fingers of the same hand on two touch screens or surfaces. The drawings are encoded as strings and compared with an edit-distance metric. A prototype implementation of this surprisingly simple and natural pairing mechanism shows that it accurately differentiates between true positives and man-in-the-middle attackers.
Original language | English |
---|---|
Pages (from-to) | 205-219 |
Journal | Pervasive and Mobile Computing |
Volume | 16 |
Issue number | Part B |
DOIs | |
Publication status | Published - 2015 |
MoE publication type | A1 Journal article-refereed |
Keywords
- Security
- Device pairing
- Commitment protocol
- Edit distance