Figure 1 - uploaded by Yasir Arfat Malkani
Figure 1: MiTM attack scenario.

Citations

... Interested reader can find the survey and detailed analysis of these existing pairing schemes and protocols in (Malkani et al., 2009a, 2010a). The key features of the PoP framework are below: ...
... : As stated, the proposed system integrates the device discovery mechanism and a set of several pairing protocols/schemes mainly identified and discussed in (Malkani et al., 2009a, 2010a). Since none of the discovery systems in their original form were found to be suitable for integration and prototype implementation of the PoP framework in terms of complexity and the features offered by these systems, Malkani et al. (2009b) developed their own registration and discovery mechanism through combining several features of its own (such as confidentiality and integrity protection) and the existing well known discovery systems. ...
... It is noted that the usability study results of eight pairing schemes are also useful in improving the protocol selection criteria in PoP Framework. Finally, we believe that the results and findings of this work including (Malkani et al., 2009a, 2009b, 2010a, 2010b, 2012a, 2012b) motivate the research community to re-think the issue of secure device pairing and come up with a more standardized, common and universal solution. ...
Article
Security and privacy remain to be a major concern for the computing world – from traditional wired networks to modern mobile ad-hoc networks (MANETs) and ubiquitous/pervasive computing systems. Ubiquitous computing systems vary from conventional computing systems due to several reasons, such as ubiquitous computing systems are by nature ad hoc, more dynamic and there is spontaneous interaction among the devices. Most of the time, these systems are composed of modern small, handheld or embedded devices. These modern devices have support for some kind of wireless channel (i.e. WiFi, Infrared, Bluetooth, Laser etc) for communication purposes. As the wireless channels are inherently prone to security risks, the communication among the devices in these systems is not secure and these are susceptible to various attacks, such as MiTM attack. Consequently, in order to secure these systems, we need different tools and techniques than conventional security mechanisms. One of the recently addressed issues in ad-hoc and ubiquitous computing systems is the establishment of a secure channel between two devices. In literature, it is called secure device pairing. This issue is addressed by many researchers and several solutions have been proposed. We also realized the importance of this issue and proposed a framework based approach to secure device pairing. The focus of this paper is the performance evaluation and extended usability analysis of the proposed Proof-of-Proximity (PoP) framework.
... The main goal of the research community working on the secure device pairing issue has been to provide mechanisms that give assurance of the identity of the devices participating in the pairing process and to secure them from being victims of eavesdropping attacks, such as MiTM attack. Achieving this goal is a challenging problem from both the security and the usability points of view [32][33]. Consequently, Malkani et. ...
... The proposed system integrates device discovery, several pairing schemes and a protocol selection mechanism into a single model that facilitates association of any pair of devices in a wide range of scenarios by using the devices' existing capabilities and user preferences, and also assists the user to select an appropriate pairing protocol and relieves him/her from choosing between more than two dozen of pairing schemes. The interested readers can find the detailed analysis of these existing schemes in [32][33] and the detailed system architecture of the proposed system in [1]. The focus of this paper is the usability study of eight pairing schemes as well as the proposed system, which integrates them. ...
Article
Ubiquitous computing systems are becoming more common nowadays. Usually, these systems are composed of several modern hand-held devices, which support wireless communication in some form, such as WiFi, IrDA, Bluetooth, etc. Since wireless communication is open to everyone, the issue is how to pair two unassociated devices securely. Consequently, a wide community of industrial as well as academic researchers have proposed more than two dozen schemes and protocols that use various forms of out-of-band channels to pair the two devices securely. The main goal of the research community working on this issue has been to develop and/or propose such pairing systems/schemes, which should be automatic, secure and usable. One such system is proposed by Malkani et al. [1]. The main goal of this research was to design a generic system that facilitates association of two co-located devices by demonstration of physical proximity in ubiquitous computing environments. In this paper, we are presenting the usability study of several pairing schemes and the proposed system, which was carried out to evaluate the overall system.
... The main goal of the research community working on the secure device pairing issue is to provide mechanisms that give assurance of the identity of the devices participating in the pairing process and to secure them from being victims of eavesdropping attacks, such as MiTM attack. Achieving this goal is a challenging problem from both the security and the usability points of view [43,44]. ...
... This notion contradicts with the usability goal of secure device pairing schemes. As a motivating example towards this, consider the following scenario, which is reproduced from [43]. ...
... The proposed system integrates device discovery, several pairing schemes and a selection mechanism into a single model that facilitates association of any pair of devices in a wide range of scenarios by using the devices' existing capabilities and user preferences, and also assists the user to select an appropriate pairing protocol and relieves him/her from choosing between more than two dozen of pairing schemes. The interested readers can find the detailed analysis of these existing schemes in [43,44]. ...
Article
Recently secure device pairing has had significant attention from a wide community of academic as well as industrial researchers and a plethora of schemes and protocols have been proposed, which use various forms of out-of-band exchange to form an association between two unassociated devices. These protocols and schemes have different strengths and weaknesses – often in hardware requirements, strength against various attacks or usability in particular scenarios. From ordinary user's point of view, the problem then becomes which to choose or which is the best possible scheme in a particular scenario. We advocate that in a world of modern heterogeneous devices and requirements, there is a need for mechanisms that allow automated selection of the best protocols without requiring the user to have an in-depth knowledge of the minutiae of the underlying technologies. Towards this, the main argument forming the basis of this research work is that the integration of a discovery mechanism and several pairing schemes into a single system is more efficient from a usability point of view as well as security point of view in terms of dynamic choice of pairing schemes. In pursuit of this, we have proposed a generic system for secure device pairing by demonstration of physical proximity. The contributions presented in this paper include the design and prototype implementation of the proposed framework along with a novel Co-Location protocol.
... The main goal of secure pairing research is to provide assurance of the identity of the devices participating in the pairing process and to secure them from being victims of eavesdropping attacks, such as MiTM attack. Achieving this goal is a challenging problem from both the security and the usability or user interaction points of view [1]. Towards this, we advocated that a common device pairing infrastructure could be an effective (from usability point of view) approach for ubiquitous computing environments. ...
... Previously we have presented a detailed survey of the state-of-the-art in secure device pairing [1]. Each of the proposed schemes we have surveyed has strengths and weaknesses often in hardware requirements, strength against various attacks or usability in particular scenarios. ...
... schemes and/or their variations that are used to demonstrate the physical proximity of devices through the use of out-of-band channels. For a detailed survey of pairing schemes, refer [1]. We are presenting the overview of the overall system as below: ...
Conference Paper
Ad-hoc interactions between devices over wireless networks present a security problem: the generation of shared secrets to initialize secure communication over a medium that is inherently vulnerable to various attacks. However, these scenarios can also build on physical security of spaces by using protocols in which users visibly demonstrate their presence to generate an association. As a consequence, secure device pairing has received significant attention. A plethora of schemes and protocols have been proposed, which use various forms of out-of-band exchange to form an association between two devices. These protocols and schemes have different strengths and weaknesses -- often in hardware requirements, strength against various attacks or usability in particular scenarios. From ordinary user's point of view, the problem then becomes which to choose or which is the best possible scheme in a particular scenario. This problem could be relieved by automation. We advocate that the integration of a discovery mechanism, several pairing schemes and a selection protocol into a single system is more efficient for users. In this paper, we present such a system along with its implementation details.
Article
Wireless mesh networks provide long-distance wireless network connectivity over heterogeneous devices for greater scalability and availability. However, protecting legitimate long-distance wireless links from wormhole attacks is an important yet challenging security issue in wireless mesh networks. In this paper, we propose a reputation-based cross-layer intrusion detection system to effectively detect various wormhole attacks. The proposed system analyses the behaviours of the routing paths in wireless mesh networks to correctly isolate the malicious wormhole paths from legitimate long-distance wireless links. It uses reputation and cross-layer parameters for comprehensive ability to isolate the wormhole attacks in routing paths. This isolation ensures full utilisation of legitimate long-distance wireless links in wireless mesh networks, which is not possible with the existing wormhole attack detection approaches. Experimental results show that the proposed system increases the detection rate, decreases the false alarm rate, and secures legitimate long-distance wireless links in wireless mesh networks. Copyright © 2014 John Wiley & Sons, Ltd.