CT-ISG: User-Aided Secure Association of Wireless Devices

CT-ISG：用户辅助的无线设备安全关联

• 批准号: 0831397
• 负责人: Nitesh Saxena
• 金额: --
• 依托单位: Polytechnic University of New York
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2008
• 资助国家: 美国
• 起止时间: 2008-10-01 至 2012-03-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0831397&HistoricalAwards=false
• 关键词: CT; ISG; User; Aided; Secure

The popularity of personal gadgets opens up many new services for ordinary users. Many everyday usage scenarios involve two or more devices "working together". (Emerging scenarios are beginning to involve sensors and personal RFID tags.) Before working together, devices must be securely "paired" to enable secure and private communication. However, the human-imperceptible nature of wireless communication prompts the very real threat of Man-in-the-Middle (MiTM) attacks. Another challenge arises due to the lack of a global security infrastructure. Consequently, traditional cryptographic means alone are unsuitable, since unfamiliar devices have no prior security context and no common point of trust. Therefore, some human involvement in secure device pairing is unavoidable. At the same time, most devices have limited hardware and/or user interfaces, thus complicating human involvement.This project?s goals are three-fold: (1) design a set of pairing methods suitable for most common devices and a general user population, based on comprehensive and comparative usability studies, (2) develop secure pairing techniques for personal RFID tags, and (3) construct a set of user-friendly, scalable and secure methods for sensor initialization.Benefits of this project will include accumulation of valuable expertise in designing truly usable security methods. Notably, the project expects to experimentally assess the value of usable security with respect to the general population. Furthermore, the need for, and the utility of, user-centric secure control of personal RFID tags and sensors will be demonstrated. Since device pairing is one of the very few areas where security directly involves and affects the average user, the greatest impact of proposed research is expected to be the broader participation in security practices and better appreciation of security and its benefits. The project also emphasizes industry outreach and technology transfer by working with manufacturers and industrial consortia.In addition, students taking part in the project are expected to acquire currently uncommon skills at the cusp of Human-Computer Interaction, Usability and Cyber Trust.

个人小工具的受欢迎程度为普通用户开辟了许多新服务。许多日常用法场景涉及两个或多个“共同努力”的设备。 （新兴方案开始涉及传感器和个人RFID标签。）在共同努力之前，必须将设备“配对”以实现安全和私人通信。但是，无线通信的人类侵蚀性质促使中间人（MITM）攻击的真正威胁。由于缺乏全球安全基础架构，出现了另一个挑战。因此，传统的加密方式是不合适的，因为陌生的设备没有先前的安全环境，也没有共同的信任点。因此，某些人参与安全设备配对是不可避免的。同时，大多数设备的硬件和/或用户界面有限，从而使人类参与变得复杂。该项目的目标是三个方面：（1）设计一组适用于大多数常见设备的配对方法，基于全面和比较可用性研究的一般用户群体，（2）为个人RFID标签和（3）构建的安全配对技术，以及（3）构造的安全配对技术（3）初始化。该项目的效果将包括在设计真正可用的安全方法方面积累宝贵的专业知识。 值得注意的是，该项目希望通过实验评估对普通人群的可用安全价值。 此外，将展示对个人RFID标签和传感器的用户安全控制的需求和实用性。由于设备配对是安全性直接涉及并影响普通用户的极少数领域之一，因此拟议的研究的最大影响预计将是更广泛地参与安全实践，并更好地欣赏安全性及其收益。 该项目还通过与制造商和工业财团合作来强调行业推广和技术转移。此外，参加该项目的学生有望在人类计算机互动，可用性和网络信任的风口浪尖中获得目前不常见的技能。