EAGER: Establishing Secure Wireless Connections via Playful User Engagement

EAGER：通过有趣的用户参与建立安全的无线连接

• 批准号: 1255919
• 负责人: Nitesh Saxena
• 金额: $ 7.5万
• 依托单位: University of Alabama at Birmingham
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2012
• 资助国家: 美国
• 起止时间: 2012-10-01 至 2015-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1255919&HistoricalAwards=false
• 关键词: EAGER; Establishing; Secure; Wireless; Connections; EAGER; Establishing; Secure; Wireless; Connections

Pairing is a fundamental problem of establishing secure, i.e., authenticated and confidential, connection between two previously unassociated devices over a short-range wireless radio channel. Lack of prior security context or a common trust infrastructure triggers the threat of man-in-the-middle attacks. Addressing this threat necessitates user involvement in the device pairing process. Despite extensive prior research, the pairing problem has not been duly addressed so far. The fundamental difficulty stems from a complete lack of user motivation in the pairing process, which leads to different forms of human errors, undermining the overall security and/or usability of the process. This project aims to address the problem of secure device pairing via playful user engagement. First, it is investigating the use of a rewarding functionality based on the principles of extrinsic motivation to improve the security and usability of traditional device pairing mechanisms. Second, in order to make secure device pairing fun and enjoyable, it is adopting computer games to facilitate user involvement. In other words, the user would be asked to play a simple game which accomplishes the pairing task as a side effect. Specifically, a suite of playful solutions for device pairing are being designed and prototyped in this project. The project is providing advanced mentoring to many students as well as integrating the proposed research with ongoing security curriculum, enabling participants to acquire rare skills at the intersection of Human-Computer Interaction, and Secure and Trustworthy Cyberspace. It is also facilitating outreach to high school and K-12 students, and minority populations. The prototypes arising from this project have the potential to be deployed in practice, making device pairing not only usable but also pleasurable for day-to-day users.

配对是建立安全的，即身份验证和机密的基本问题，即通过短距离无线无线电通道之间的两个先前无关的设备之间的连接。 缺乏先前的安全环境或常见的信任基础架构会触发中间人攻击的威胁。 解决此威胁需要用户参与设备配对过程。尽管事先进行了广泛的研究，但到目前为止，配对问题尚未得到适当解决。基本困难源于配对过程中完全缺乏用户动机，这导致了不同形式的人类错误，破坏了该过程的总体安全性和/或可用性。该项目旨在通过嬉戏的用户参与来解决安全设备配对的问题。 首先，它正在研究基于外在动机的原理来提高传统设备配对机制的安全性和可用性的原理。其次，为了使安全的设备配对变得有趣且令人愉悦，它正在采用计算机游戏来促进用户参与。换句话说，将要求用户玩一个简单的游戏，以完成配对任务作为副作用。 具体而言，该项目正在设计和原型设计用于设备配对的一系列有趣的解决方案。 该项目正在为许多学生提供高级指导，并将拟议的研究与持续的安全课程相结合，使参与者能够在人类计算机交互的交汇处获得稀有技能，并确保可信赖的网络空间。这也促进了与高中和K-12学生以及少数群体的宣传。该项目产生的原型有可能在实践中部署，使设备配对不仅可用，而且可以使日常用户愉悦。