Ronald Kainda, Ivan Flechais and A. W. Roscoe
Lecture Notes in Computer Science 2010, Volume 6033/2010, 308-315 DOI: 10.1007/978-3-642-12368-9_24View Journal Article / Working Paper
Protocols for bootstrapping security in ad hoc mobile device interactions rely on users’ ability to perform specific tasks such as transferring or comparing fingerprints of information between devices. The size of fingerprints depends on the level of technical security required by a given application but, at the same time, is limited by users’ inability to deal with large amounts of data with high levels of accuracy. Large fingerprints provide high technical security but potentially reduce usability of protocols which may result in users making mistakes that compromise security. This conflict between technical security and usability requires methods for transferring fingerprints between devices that maximise both to achieve acceptable effective security. In this paper, we propose two methods for transferring fingerprints between devices. We conducted a usability and security evaluation of the methods and our results show that, in contrast to previous proposals, our methods are both usable and resistant to security failures.