This article presents a new method for pairing devices securely. The commitment-based authentication uses a fuzzy secret that the devices only know approximately. Its novel feature is time-based opening of commitments in a single round. We also introduce a new source for the fuzzy secret: synchronized drawing with two fingers of the same hand on two touch screens or surfaces. The drawings are encoded as strings and compared with an edit-distance metric. A prototype implementation of this surprisingly simple and natural pairing mechanism shows that it accurately differentiates between true positives and man-in-the-middle attackers.
|Julkaisu||Pervasive and Mobile Computing|
|Tila||Julkaistu - 2015|
|OKM-julkaisutyyppi||A1 Julkaistu artikkeli, soviteltu|