Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Low-cost Manufacturing, Usability, and Security: An Analysis of Bluetooth Simple Pairing and Wi-Fi Protected Setup Cynthia KuoCarnegie Mellon University.

Published byAngel Flynn Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Low-cost Manufacturing, Usability, and Security: An Analysis of Bluetooth Simple Pairing and Wi-Fi Protected Setup Cynthia KuoCarnegie Mellon University."— Presentation transcript:

1 1 Low-cost Manufacturing, Usability, and Security: An Analysis of Bluetooth Simple Pairing and Wi-Fi Protected Setup Cynthia KuoCarnegie Mellon University Jesse WalkerIntel Corporation Adrian PerrigCarnegie Mellon University

2 2 Device Introduction Goal: Establish authentication credentials between two devices that have not yet done so Terminology Introduction = setup = pairing

3 3 Device Introduction BluetoothWi-Fi Pair two devices in a master/slave relationship Enroll one device into an existing network, assuming initial network setup completed

4 4 Overview Define secure and usable device introduction Summarize setup methods in Bluetooth Simple Pairing and Wi-Fi Protected Setup Discuss potential causes of poor security and usability Recommend improvements

5 5 Device 1 Device 2 Secure Introduction Criteria 1.Conforms to standard model In-band Channel Active Attacker Out-of-band Channel (e.g., Cable, NFC)

6 6 Secure Introduction Criteria 1.Conforms to standard model Accepted by cryptographers 2.Provides high level of security –No more than 2 -30 probability of success 2 80 cryptographic operations required through 2010 Assume attackers can perform 2 50 operations 3.Preserves simplicity –Easier to find and correct vulnerabilities in simpler systems

7 7 Usable Introduction Criteria 1.Verifies in-band connection between devices 2.Handles errors –User experience interoperability  better application design and better support 3.Maintains a consistent user experience across devices –Learning

8 8 Overview Define secure and usable device introduction Summarize setup methods in Bluetooth Simple Pairing and Wi-Fi Protected Setup Discuss potential causes of poor security and usability Recommend improvements

9 9 Setup Methods BluetoothWi-Fi CopyPasskey EntryPIN CompareNumeric Comparison - AutoJust WorksPush Button Configuration Out-of-band

10 10 Evaluating Each Setup Model Secure Usable [Overall]3. Simplicity Probability of attack success2. Security Out-of-band channel1. Standard model [Overall]3. Consistent UX Error handling2. Error handling Connection verification1. Connection verification

11 11 “Copy” Setup Methods Out-of-band channelVisual & Human Probability of attack success> 2 -20 (6) / > 2 -14 (4); > 2 -27 (8) Connection verification? (Implementation issue) Error handlingStart over / ?

12 12 “Compare” Setup Method Out-of-band channelVisual & Human Probability of attack success> 2 -20 Connection verification? Error handlingStart over Bluetooth only

13 13 “Auto” Setup Methods Out-of-band channelNone Probability of attack successVery likely  Connection verification? Error handlingStart over / ?

14 14 Out-of-Band Setup Method Out-of-band channel Probability of attack successDepends on channel Connection verification? Error handlingStart over / ?

15 15 Overview Define secure and usable device introduction Summarize setup methods in Bluetooth Simple Pairing and Wi-Fi Protected Setup Discuss causes of poor security and usability Recommend improvements

16 16 Evaluating Each Setup Model Secure Usable [Overall]3. Simplicity Probability of attack success2. Security Out-of-band channel1. Standard model [Overall]3. Consistent UX Error handling2. Error handling Connection verification1. Connection verification [Overall] Probability of attack success Out-of-band channel [Overall] Error handling Connection verification

17 17 Preserving Simplicity Complex systems harder to fully analyze for vulnerabilities Each setup mode has its own issues Multiple setup modes per device leads to many possible setup combinations

18 18 Combinations of Setup Methods BluetoothWi-Fi Possible combinations between any two devices 120 Possible combinations per device 15 Pairing models 4 3 7 Possible combinations per device 28 Possible combinations between any two devices

19 19 Interactive Complexity Difficult to consider all the potential system states during design, implementation, and evaluation Difficult to handle so many different possible situations (especially a rare situation or error)

20 20 Reducing Complexity Reduce number of combinations by prioritizing setup models Reduce number of setup models

21 21 Auto Setup Methods Works if –No other devices in setup mode in wireless range –No errors Never secure against malicious device within range –Active attacker must be physically present Bluetooth Just Works and Wi-Fi Push Button Configuration supported for low-cost manufacturing Devices with no screens

22 22 Combinations of Setup Methods BluetoothWi-Fi Possible combinations between any two devices 120 Possible combinations per device 15 Pairing models 4 3 7 Possible combinations per device 28 Possible combinations between any two devices 3 Pairing models 7 Possible combinations per device 28 Possible combinations between any two devices 2 Pairing models 3 Possible combinations per device 6 Possible combinations between any two devices

23 23 Evaluating Each Setup Model Secure Usable [Overall]3. Simplicity Probability of attack success2. Security Out-of-band channel1. Standard model [Overall]3. Consistent UX Error handling2. Error handling Connection verification1. Connection verification [Overall] Probability of attack success Out-of-band channel [Overall] Error handling Connection verification

24 24 Issues in UX Consistency Wording User interaction flow Setup initiation –Device or user? Entering and exiting setup mode Basic checks –Wireless enabled? Timeout values for PINs Prioritization of setup methods Connection verification Error handling –Recovery –Messages –Technical support –Documentation Absent from specifications:

25 25 Importance of Consistency Fewer setup methods improves consistency –Rewards learning –Raises quality of error handling, documentation, and technical support Cross-vendor, cross-product –Reduces confusion about level of security assurance –Minimizes implementation work

26 26 Overview Define secure and usable device introduction Summarize setup methods in Bluetooth Simple Pairing and Wi-Fi Protected Setup Discuss causes of poor security and usability Recommend improvements

27 27 In-band Setup Copy: Bluetooth Passkey Entry or Wi-Fi PIN Static Copy: PIN entry using a PIN on a sticker Compare: Bluetooth Numeric Comparison Auto: Bluetooth Just Works or Wi-Fi Push Button Configuration Copy or Compare CopyStatic Copy Compare CopyAuto CopyAuto Static Copy Auto

28 28 P(Attack Success): In-band 2 -14 – 2 -27 First time only (2 -20 – 2 -27 ) No real security (no out-of-band channel) At least 2 buttons Out-of-band capability (visual & human)

29 29 P(Attack Success): Out-of-band Only mode capable of attack success probability ~ 2 -30 –Assumes that selected out-of-band method is a good one –Assumes same setup mode can be used for all devices

30 30 Recommendations 1.Common denominator of hardware features –At least 2 buttons –Out-of-band capability

31 31 Usability: Feedback Capability Screens used to confirm setup or display error messages Applies to in-band and out-of-band Good Passable None

32 32 Example: LED / One Button Plantronics Discovery 640 Bluetooth Headset User Guide

33 33 Recommendations 1.Common denominator of hardware features –At least 2 buttons –Out-of-band capability –Screen on at least one device (both preferable) 2.Common user experience –Common menu options, wording, user interaction flow, error logging –Promotes Consistency across devices and protocols Interoperability of user interfaces Error handling and recovery

34 34 Selected Related Work Usability evaluation of different pairing schemes (Uzun et al.) Setup in HomePlug (Newman et al.) Interactive complexity (Leveson) Importance of consistency (Endsley et al.) Schemes for exchanging authentication credentials using demonstrative identification –Resurrecting Duckling (Stajano et al.) –Talking to Strangers (Balfanz et al.) –Seeing-Is-Believing (McCune et al.)

35 35 Conclusion Networking relies on interoperability For security applications, UI should not be product differentiator Standardization of certain UX aspects can benefit technology in the same way as protocol standardization

36 36 Thank you! Questions? Comments? cykuo@cmu.edu

Download ppt "1 Low-cost Manufacturing, Usability, and Security: An Analysis of Bluetooth Simple Pairing and Wi-Fi Protected Setup Cynthia KuoCarnegie Mellon University."

Similar presentations

Usable Bootstrapping of Secure Ad Hoc Communication Ersin Uzun PARC 1.

Usable Bootstrapping of Secure Ad Hoc Communication Ersin Uzun PARC 1.
Information Document 18-E ITU-T Study Group 2 May 2002 QUESTION:Q.1/2 SOURCE:TSB TITLE:UNIVERSAL COMMUNICATIONS IDENTIFIER (UCI) (by Mike Pluke, ETSI)

Information Document 18-E ITU-T Study Group 2 May 2002 QUESTION:Q.1/2 SOURCE:TSB TITLE:UNIVERSAL COMMUNICATIONS IDENTIFIER (UCI) (by Mike Pluke, ETSI)
ITU-T SG13 futures session – July 25, 2003 - D1 Present document contains informations proprietary to France Telecom. Accepting this document means for.

ITU-T SG13 futures session – July 25, D1 Present document contains informations proprietary to France Telecom. Accepting this document means for.
HCE AND BLE UNIVERSITY TOMORROWS TRANSACTIONS LONDON, 20 TH MARCH 2014.

HCE AND BLE UNIVERSITY TOMORROWS TRANSACTIONS LONDON, 20 TH MARCH 2014.
IPv6 Multihoming Support in the Mobile Internet Presented by Paul Swenson CMSC 681, Fall 2007 Article by M. Bagnulo et. al. and published in the October.

IPv6 Multihoming Support in the Mobile Internet Presented by Paul Swenson CMSC 681, Fall 2007 Article by M. Bagnulo et. al. and published in the October.
Secure In-Band Wireless Pairing Shyamnath Gollakota Nabeel Ahmed Nickolai Zeldovich Dina Katabi.

Secure In-Band Wireless Pairing Shyamnath Gollakota Nabeel Ahmed Nickolai Zeldovich Dina Katabi.
Security that is... Ergonomic, Economical and Efficient! In every way! Stonesoft SSL VPN SSL VPN.

Security that is... Ergonomic, Economical and Efficient! In every way! Stonesoft SSL VPN SSL VPN.
Cynthia Kuo, Mark Luk, Rohit Negi, Adrian Perrig Carnegie Mellon University Message-In-a-Bottle: User-Friendly and Secure Cryptographic Key Deployment.

Cynthia Kuo, Mark Luk, Rohit Negi, Adrian Perrig Carnegie Mellon University Message-In-a-Bottle: User-Friendly and Secure Cryptographic Key Deployment.
KAIS T Message-In-a-Bottle: User-Friendly and Secure Key Deployment for Sensor Nodes Cynthia Kuo, Mark Luk, Rohit Negi, Adrian Perrig(CMU), Sensys07 2007.

KAIS T Message-In-a-Bottle: User-Friendly and Secure Key Deployment for Sensor Nodes Cynthia Kuo, Mark Luk, Rohit Negi, Adrian Perrig(CMU), Sensys
User Interface Design Yonsei University 2 nd Semester, 2013 Sanghyun Park.

User Interface Design Yonsei University 2 nd Semester, 2013 Sanghyun Park.
Network Management Overview IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Network Management Overview IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.

DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.
SOUPS July 24, 2008 Universal Device Pairing using an Auxiliary Device Nitesh Saxena, Md. Borhan Uddin and Jonathan Voris Polytechnic Institute of New.

SOUPS July 24, 2008 Universal Device Pairing using an Auxiliary Device Nitesh Saxena, Md. Borhan Uddin and Jonathan Voris Polytechnic Institute of New.
User Centered Design Lecture # 5 Gabriel Spitz.

User Centered Design Lecture # 5 Gabriel Spitz.
Seeing-Is-Believing: using camera phones for human-verifiable authentication Jonathan M. McCune, Adrian Perrig and Michael K. Reiter Int. J. Security and.

Seeing-Is-Believing: using camera phones for human-verifiable authentication Jonathan M. McCune, Adrian Perrig and Michael K. Reiter Int. J. Security and.
Bluetooth Network Prepared By: Sara Ayad Aldehany.

Bluetooth Network Prepared By: Sara Ayad Aldehany.
Lenel OnGuard and Bioscrypt V-Smart

Lenel OnGuard and Bioscrypt V-Smart
Bootstrapping Key Infrastructures Max Pritikin IETF 91, 10 Nov 2014 Aloha!

Bootstrapping Key Infrastructures Max Pritikin IETF 91, 10 Nov 2014 Aloha!
TAX-AIDE Network Router Setup Network Printer Setups July 2013 2013 SMT/TCS Training - Dallas1.

TAX-AIDE Network Router Setup Network Printer Setups July SMT/TCS Training - Dallas1.

Similar presentations

Ads by Google