research-article

GAnGS: gather, authenticate 'n group securely

Authors:

Chia-Hsin Owen Chen,

Chung-Wei Chen,

Jonathan M. McCune,

Tzong-Chen WuAuthors Info & Claims

MobiCom '08: Proceedings of the 14th ACM international conference on Mobile computing and networking

Pages 92 - 103

https://doi.org/10.1145/1409944.1409957

Published: 14 September 2008 Publication History

Abstract

Establishing secure communication among a group of physically collocated people is a challenge. This problem can be reduced to establishing authentic public keys among all the participants - these public keys then serve to establish a shared secret symmetric key for encryption and authentication of messages. Unfortunately, in most real-world settings, public key infrastructures (PKI) are uncommon and distributing a secret in a public space is difficult. Thus, it is a challenge to exchange authentic public keys in a scalable, secure, and easy to use fashion.

In this paper, we propose GAnGS, a protocol for the secure exchange of authenticated information among a group of people. In contrast to prior work, GAnGS resists Group-in-the-Middle and Sybil attacks by malicious insiders, as well as infiltration attacks by malicious bystanders. GAnGS is designed to be robust to user errors, such as miscounting the number of participants or incorrectly comparing checksums. We have implemented and evaluated GAnGS on Nokia N70 phones. The GAnGS system is viable and achieves a good balance between scalability, security, and ease of use.

References

[1]

Abdalla, M., Bresson, E., Chevassut, O., and Pointcheval, D. Password-based group key exchange in a constant number of rounds. In Public Key Cryptography (PKC) (2006), pp. 427--442.

Digital Library

[2]

Asokan, N., and Ginzboorg, P. Key-agreement in ad-hoc networks. Computer Communications 23, 17 (Nov. 2000), 1627--1637.

Digital Library

[3]

Balfanz, D., Smetters, D., Stewart, P., and Wong, H. Talking to strangers: Authentication in adhoc wireless networks, 2002. In Symposium on Network and Distributed Systems Security (NDSS).

[4]

Brennen, V. A. The keysigning party howto. http://cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html, 2008.

[5]

Burmester, M., and Desmedt, Y. Efficient and secure conference key distribution. In Security Protocols?International Workshop (Apr. 1997), vol. 1189, pp. 119--129.

Digital Library

[6]

Cagalj, M., Capkun, S., and Hubaux, J.-P. Key agreement in peer-to-peer wireless networks. IEEE (Special Issue on Cryptography) 94 (2006), 467--478.

[7]

Castelluccia, C., and Mutaf, P. Shake them up! a movement-based pairing protocol for cpu-constrained devices. In Proceedings of ACM/Usenix Mobisys (2005).

Digital Library

[8]

Douceur, J. R. The Sybil attack. In First International Workshop on Peer-to-Peer Systems (IPTPS) (Mar. 2002).

Digital Library

[9]

Ellison, C., and Dohrmann, S. Public-key support for group collaboration. ACM Trans. Inf. Syst. Secur. 6, 4 (2003), 547--565.

Digital Library

[10]

Goodrich, M. T., Sirivianos, M., Solis, J., Tsudik, G., and Uzun, E. Loud and clear: Human-verifiable authentication based on audio. In International Conference on Distributed Computing (ICDCS) (2006), p. 10.

Digital Library

[11]

Holmquist, L. E., Mattern, F., Schiele, B., Alahuhta, P., Beigl, M., and Gellersen, H.-W. Smart-its friends: A technique for users to easily establish connections between smart artefacts. In Proceedings of Ubicomp (2001).

Digital Library

[12]

Jay, A. How to run a meeting. Harvard Business Review 54 (1976), 43--57.

[13]

Just, M., and Vaudenay, S. Authenticated multi-party key agreement. In Advances in Cryptology -- (ASIACRYPT) (1996), vol. 1163, pp. 36--49.

Digital Library

[14]

Kim, Y., Perrig, A., and Tsudik, G. Simple and fault-tolerant key agreement for dynamic collaborative groups. In Proceedings of ACM Conference on Computer and Communications Security (CCS) (Nov. 2000), pp. 235--244.

Digital Library

[15]

Kuo, C. Reduction of End User Errors in the Design of Scalable, Secure Communication. PhD thesis, Carnegie Mellon University, 2008.

Digital Library

[16]

Kuo, C., Studer, A., and Perrig, A. Mind your manners: Socially appropriate wireless key establishment for groups. Proceedings of First ACM Conference on Wireless Network Security (WiSec) (Mar. 2008).

Digital Library

[17]

Laur, S., and Nyberg, K. Efficient mutual data authentication using manually authenticated strings. In Cryptology and Network Security (CANS) (2006), pp. 90--107.

Digital Library

[18]

Lester, J., Hannaford, B., and Gaetano, B. Are you with me? - using accelerometers to determine if two devices are carried by the same person. In Proceedings of Pervasive (2004).

[19]

Linksky, J. et al. Simple Pairing Whitepaper, revision v10r00. http://www.bluetooth.com/NR/rdonlyres/0A0B3F36-D15F-4470-85A6-F2CCFA26F70F/0/SimplePairing_WP_V10r00.pdf, August 2006.

[20]

Lortz, V., Roberts, D., Erdmann, B., Dawidowsky, F., Hayes, K., Yee, J. C., and Ishidoshiro, T. Wi-Fi Simple Config Specification, version 1.0a. Now known as Wi-Fi Protected Setup, February 2006.

[21]

McCune, J. M., Perrig, A., and Reiter, M. K. Seeing-is-believing: Using camera phones for human-verifiable authentication. In Proceedings of the IEEE Symposium on Security and Privacy (May 2005).

Digital Library

[22]

NFC Forum. NFC Forum: Specifications. http://www.nfc-forum.org/specs/.

[23]

Perrig, A., and Song, D. Hash visualization: A new technique to improve real-world security. In Proceedings of the 1999 International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC) (July 1999), pp. 131--138.

[24]

Stajano, F., and Anderson, R. J. The resurrecting duckling: Security issues for ad-hoc wireless networks. In Security Protocols Workshop (1999), pp. 172--194.

Digital Library

[25]

Steer, D., Strawczynski, L., Diffie, W., and Wiener, M. A secure audio teleconference system. In Advances in Cryptology (Crypto) (1990), vol. 403, pp. 520--528.

Digital Library

[26]

Steiner, M., Tsudik, G., and Waidner, M. Key agreement in dynamic peer groups. IEEE Transactions on Parallel and Distributed Systems 11, 8 (Aug. 2000), 769--780.

Digital Library

[27]

Tzeng, W., and Tzeng, Z. Round-efficient conference-key agreement protocols with provable security. In Advances in Cryptology -- (ASIACRYPT) (2000), vol. 1976, pp. 614--628.

Digital Library

[28]

Uzun, E., Karvonen, K., and Asokan, N. Usability analysis of secure pairing methods. In Usable Security (USEC) (Feb. 2007).

Digital Library

[29]

Valkonen, J., Asokan, N., and Nyberg, K. Ad hoc security associations for groups. In Security and Privacy in Ad-Hoc and Sensor Networks (ESAS) (2006), pp. 150--164.

Digital Library

[30]

Vaudenay, S. Secure communications over insecure channels based on short authenticated strings. In Advances in Cryptology (Crypto) (2005), pp. 309--326.

Digital Library

Cited By

Xu WZhang JHuang SLuo CLi W(2021)Key Generation for Internet of ThingsACM Computing Surveys10.1145/342974054:1(1-37)Online publication date: 2-Jan-2021
https://dl.acm.org/doi/10.1145/3429740
Striegel MHeyszl JJakobsmeier FMatveev YSigl GMayrhofer RRoland M(2020)Secure and user-friendly over-the-air firmware distribution in a portable faraday cageProceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks10.1145/3395351.3399342(173-183)Online publication date: 8-Jul-2020
https://dl.acm.org/doi/10.1145/3395351.3399342
Ghose NLazos LLi M(2018)Secure Device Bootstrapping Without Secrets Resistant to Signal Manipulation Attacks2018 IEEE Symposium on Security and Privacy (SP)10.1109/SP.2018.00055(819-835)Online publication date: May-2018
https://doi.org/10.1109/SP.2018.00055
Show More Cited By

Index Terms

GAnGS: gather, authenticate 'n group securely
1. Human-centered computing
  1. Human computer interaction (HCI)

Recommendations

An Effective and Robust Secure Remote User Authenticated Key Agreement Scheme Using Smart Cards in Wireless Communication Systems

Authentication protocol in wireless communication systems is important to protect the sensitive information against a malicious adversary by means of providing a variety of services, such as user credentials' privacy, session key security (we call it as ...
Password-based authenticated key establishment for wireless group communications in an ad-hoc mode

With the advancement of wireless technology and the increasing demand for mobile devices, secure and efficient password authenticated key establishment technologies are needed for various kinds of secure communications among wireless devices. In this ...
A secure and efficient ECC-based user anonymity preserving single sign-on scheme for distributed computer networks

A user authentication in the distributed computer networks DCNs plays a crucial rule to verify whether the user is a legal user and can therefore be granted access to the requested services to that user. In recent years, several RSA-based single sign-on ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

MobiCom '08: Proceedings of the 14th ACM international conference on Mobile computing and networking

September 2008

374 pages

ISBN:9781605580968

DOI:10.1145/1409944

General Chair:
J. J. Garcia-Luna-Aceves
University of California, Santa Cruz, USA & Palo Alto Research Center, USA
,
Program Chairs:
Raghupathy Sivakumar
Georgia Institute of Technology, USA
,
Peter Steenkiste
Carnegie Mellon University, USA

Copyright © 2008 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 14 September 2008

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

MobiCom08

Sponsor:

MobiCom08: Annual International Conference on Mobile Computing and Networking

September 14 - 19, 2008

California, San Francisco, USA

Acceptance Rates

Overall Acceptance Rate 440 of 2,972 submissions, 15%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

46
Total Citations
View Citations
738
Total Downloads

Downloads (Last 12 months)6
Downloads (Last 6 weeks)1

Reflects downloads up to 03 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Xu WZhang JHuang SLuo CLi W(2021)Key Generation for Internet of ThingsACM Computing Surveys10.1145/342974054:1(1-37)Online publication date: 2-Jan-2021
https://dl.acm.org/doi/10.1145/3429740
Striegel MHeyszl JJakobsmeier FMatveev YSigl GMayrhofer RRoland M(2020)Secure and user-friendly over-the-air firmware distribution in a portable faraday cageProceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks10.1145/3395351.3399342(173-183)Online publication date: 8-Jul-2020
https://dl.acm.org/doi/10.1145/3395351.3399342
Ghose NLazos LLi M(2018)Secure Device Bootstrapping Without Secrets Resistant to Signal Manipulation Attacks2018 IEEE Symposium on Security and Privacy (SP)10.1109/SP.2018.00055(819-835)Online publication date: May-2018
https://doi.org/10.1109/SP.2018.00055
Mane PDesale P(2018)A Novel Approaches for Visual Authentication Protocols2018 3rd International Conference on Inventive Computation Technologies (ICICT)10.1109/ICICT43934.2018.9034460(182-184)Online publication date: Nov-2018
https://doi.org/10.1109/ICICT43934.2018.9034460
Kusen EStrembeck M(2016)A decade of security research in ubiquitous computing: results of a systematic literature reviewInternational Journal of Pervasive Computing and Communications10.1108/IJPCC-03-2016-001812:2(216-259)Online publication date: 6-Jun-2016
https://doi.org/10.1108/IJPCC-03-2016-0018
Kovačević TPerković TČagalj M(2016)Flashing displaysSecurity and Communication Networks10.1002/sec.14009:10(1050-1071)Online publication date: 10-Jul-2016
https://dl.acm.org/doi/10.1002/sec.1400
Divya RMuthukumarasamy S(2015)An impervious QR-based visual authentication protocols to prevent black-bag cryptanalysis2015 IEEE 9th International Conference on Intelligent Systems and Control (ISCO)10.1109/ISCO.2015.7282330(1-6)Online publication date: Jan-2015
https://doi.org/10.1109/ISCO.2015.7282330
Chong MMayrhofer RGellersen H(2014)A Survey of User Interaction for Spontaneous Device AssociationACM Computing Surveys10.1145/259776847:1(1-40)Online publication date: 1-May-2014
https://dl.acm.org/doi/10.1145/2597768
Kumar UHelmy A(2014)Social discovery using longitudinal spatial smartphone sensing2014 IEEE Wireless Communications and Networking Conference (WCNC)10.1109/WCNC.2014.6953114(3355-3360)Online publication date: Apr-2014
https://doi.org/10.1109/WCNC.2014.6953114
Nyang DMohaisen AKang J(2014)Keylogging-Resistant Visual Authentication ProtocolsIEEE Transactions on Mobile Computing10.1109/TMC.2014.230733113:11(2566-2579)Online publication date: Nov-2014
https://doi.org/10.1109/TMC.2014.2307331
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents