Welcome to TiddlyWiki created by Jeremy Ruston, Copyright © 2007 UnaMesa Association
Background: #fff
Foreground: #000
PrimaryPale: #8cf
PrimaryLight: #18f
PrimaryMid: #04b
PrimaryDark: #014
SecondaryPale: #ffc
SecondaryLight: #fe8
SecondaryMid: #db4
SecondaryDark: #841
TertiaryPale: #eee
TertiaryLight: #ccc
TertiaryMid: #999
TertiaryDark: #666
Error: #f88
/*{{{*/
body {background:[[ColorPalette::Background]]; color:[[ColorPalette::Foreground]];}
a {color:[[ColorPalette::PrimaryMid]];}
a:hover {background-color:[[ColorPalette::PrimaryMid]]; color:[[ColorPalette::Background]];}
a img {border:0;}
h1,h2,h3,h4,h5,h6 {color:[[ColorPalette::SecondaryDark]]; background:transparent;}
h1 {border-bottom:2px solid [[ColorPalette::TertiaryLight]];}
h2,h3 {border-bottom:1px solid [[ColorPalette::TertiaryLight]];}
.button {color:[[ColorPalette::PrimaryDark]]; border:1px solid [[ColorPalette::Background]];}
.button:hover {color:[[ColorPalette::PrimaryDark]]; background:[[ColorPalette::SecondaryLight]]; border-color:[[ColorPalette::SecondaryMid]];}
.button:active {color:[[ColorPalette::Background]]; background:[[ColorPalette::SecondaryMid]]; border:1px solid [[ColorPalette::SecondaryDark]];}
.header {background:[[ColorPalette::PrimaryMid]];}
.headerShadow {color:[[ColorPalette::Foreground]];}
.headerShadow a {font-weight:normal; color:[[ColorPalette::Foreground]];}
.headerForeground {color:[[ColorPalette::Background]];}
.headerForeground a {font-weight:normal; color:[[ColorPalette::PrimaryPale]];}
.tabSelected{color:[[ColorPalette::PrimaryDark]];
background:[[ColorPalette::TertiaryPale]];
border-left:1px solid [[ColorPalette::TertiaryLight]];
border-top:1px solid [[ColorPalette::TertiaryLight]];
border-right:1px solid [[ColorPalette::TertiaryLight]];
}
.tabUnselected {color:[[ColorPalette::Background]]; background:[[ColorPalette::TertiaryMid]];}
.tabContents {color:[[ColorPalette::PrimaryDark]]; background:[[ColorPalette::TertiaryPale]]; border:1px solid [[ColorPalette::TertiaryLight]];}
.tabContents .button {border:0;}
#sidebar {}
#sidebarOptions input {border:1px solid [[ColorPalette::PrimaryMid]];}
#sidebarOptions .sliderPanel {background:[[ColorPalette::PrimaryPale]];}
#sidebarOptions .sliderPanel a {border:none;color:[[ColorPalette::PrimaryMid]];}
#sidebarOptions .sliderPanel a:hover {color:[[ColorPalette::Background]]; background:[[ColorPalette::PrimaryMid]];}
#sidebarOptions .sliderPanel a:active {color:[[ColorPalette::PrimaryMid]]; background:[[ColorPalette::Background]];}
.wizard {background:[[ColorPalette::PrimaryPale]]; border:1px solid [[ColorPalette::PrimaryMid]];}
.wizard h1 {color:[[ColorPalette::PrimaryDark]]; border:none;}
.wizard h2 {color:[[ColorPalette::Foreground]]; border:none;}
.wizardStep {background:[[ColorPalette::Background]]; color:[[ColorPalette::Foreground]];
border:1px solid [[ColorPalette::PrimaryMid]];}
.wizardStep.wizardStepDone {background::[[ColorPalette::TertiaryLight]];}
.wizardFooter {background:[[ColorPalette::PrimaryPale]];}
.wizardFooter .status {background:[[ColorPalette::PrimaryDark]]; color:[[ColorPalette::Background]];}
.wizard .button {color:[[ColorPalette::Foreground]]; background:[[ColorPalette::SecondaryLight]]; border: 1px solid;
border-color:[[ColorPalette::SecondaryPale]] [[ColorPalette::SecondaryDark]] [[ColorPalette::SecondaryDark]] [[ColorPalette::SecondaryPale]];}
.wizard .button:hover {color:[[ColorPalette::Foreground]]; background:[[ColorPalette::Background]];}
.wizard .button:active {color:[[ColorPalette::Background]]; background:[[ColorPalette::Foreground]]; border: 1px solid;
border-color:[[ColorPalette::PrimaryDark]] [[ColorPalette::PrimaryPale]] [[ColorPalette::PrimaryPale]] [[ColorPalette::PrimaryDark]];}
#messageArea {border:1px solid [[ColorPalette::SecondaryMid]]; background:[[ColorPalette::SecondaryLight]]; color:[[ColorPalette::Foreground]];}
#messageArea .button {color:[[ColorPalette::PrimaryMid]]; background:[[ColorPalette::SecondaryPale]]; border:none;}
.popupTiddler {background:[[ColorPalette::TertiaryPale]]; border:2px solid [[ColorPalette::TertiaryMid]];}
.popup {background:[[ColorPalette::TertiaryPale]]; color:[[ColorPalette::TertiaryDark]]; border-left:1px solid [[ColorPalette::TertiaryMid]]; border-top:1px solid [[ColorPalette::TertiaryMid]]; border-right:2px solid [[ColorPalette::TertiaryDark]]; border-bottom:2px solid [[ColorPalette::TertiaryDark]];}
.popup hr {color:[[ColorPalette::PrimaryDark]]; background:[[ColorPalette::PrimaryDark]]; border-bottom:1px;}
.popup li.disabled {color:[[ColorPalette::TertiaryMid]];}
.popup li a, .popup li a:visited {color:[[ColorPalette::Foreground]]; border: none;}
.popup li a:hover {background:[[ColorPalette::SecondaryLight]]; color:[[ColorPalette::Foreground]]; border: none;}
.popup li a:active {background:[[ColorPalette::SecondaryPale]]; color:[[ColorPalette::Foreground]]; border: none;}
.popupHighlight {background:[[ColorPalette::Background]]; color:[[ColorPalette::Foreground]];}
.listBreak div {border-bottom:1px solid [[ColorPalette::TertiaryDark]];}
.tiddler .defaultCommand {font-weight:bold;}
.shadow .title {color:[[ColorPalette::TertiaryDark]];}
.title {color:[[ColorPalette::SecondaryDark]];}
.subtitle {color:[[ColorPalette::TertiaryDark]];}
.toolbar {color:[[ColorPalette::PrimaryMid]];}
.toolbar a {color:[[ColorPalette::TertiaryLight]];}
.selected .toolbar a {color:[[ColorPalette::TertiaryMid]];}
.selected .toolbar a:hover {color:[[ColorPalette::Foreground]];}
.tagging, .tagged {border:1px solid [[ColorPalette::TertiaryPale]]; background-color:[[ColorPalette::TertiaryPale]];}
.selected .tagging, .selected .tagged {background-color:[[ColorPalette::TertiaryLight]]; border:1px solid [[ColorPalette::TertiaryMid]];}
.tagging .listTitle, .tagged .listTitle {color:[[ColorPalette::PrimaryDark]];}
.tagging .button, .tagged .button {border:none;}
.footer {color:[[ColorPalette::TertiaryLight]];}
.selected .footer {color:[[ColorPalette::TertiaryMid]];}
.sparkline {background:[[ColorPalette::PrimaryPale]]; border:0;}
.sparktick {background:[[ColorPalette::PrimaryDark]];}
.error, .errorButton {color:[[ColorPalette::Foreground]]; background:[[ColorPalette::Error]];}
.warning {color:[[ColorPalette::Foreground]]; background:[[ColorPalette::SecondaryPale]];}
.lowlight {background:[[ColorPalette::TertiaryLight]];}
.zoomer {background:none; color:[[ColorPalette::TertiaryMid]]; border:3px solid [[ColorPalette::TertiaryMid]];}
.imageLink, #displayArea .imageLink {background:transparent;}
.annotation {background:[[ColorPalette::SecondaryLight]]; color:[[ColorPalette::Foreground]]; border:2px solid [[ColorPalette::SecondaryMid]];}
.viewer .listTitle {list-style-type:none; margin-left:-2em;}
.viewer .button {border:1px solid [[ColorPalette::SecondaryMid]];}
.viewer blockquote {border-left:3px solid [[ColorPalette::TertiaryDark]];}
.viewer table, table.twtable {border:2px solid [[ColorPalette::TertiaryDark]];}
.viewer th, .viewer thead td, .twtable th, .twtable thead td {background:[[ColorPalette::SecondaryMid]]; border:1px solid [[ColorPalette::TertiaryDark]]; color:[[ColorPalette::Background]];}
.viewer td, .viewer tr, .twtable td, .twtable tr {border:1px solid [[ColorPalette::TertiaryDark]];}
.viewer pre {border:1px solid [[ColorPalette::SecondaryLight]]; background:[[ColorPalette::SecondaryPale]];}
.viewer code {color:[[ColorPalette::SecondaryDark]];}
.viewer hr {border:0; border-top:dashed 1px [[ColorPalette::TertiaryDark]]; color:[[ColorPalette::TertiaryDark]];}
.highlight, .marked {background:[[ColorPalette::SecondaryLight]];}
.editor input {border:1px solid [[ColorPalette::PrimaryMid]];}
.editor textarea {border:1px solid [[ColorPalette::PrimaryMid]]; width:100%;}
.editorFooter {color:[[ColorPalette::TertiaryMid]];}
#backstageArea {background:[[ColorPalette::Foreground]]; color:[[ColorPalette::TertiaryMid]];}
#backstageArea a {background:[[ColorPalette::Foreground]]; color:[[ColorPalette::Background]]; border:none;}
#backstageArea a:hover {background:[[ColorPalette::SecondaryLight]]; color:[[ColorPalette::Foreground]]; }
#backstageArea a.backstageSelTab {background:[[ColorPalette::Background]]; color:[[ColorPalette::Foreground]];}
#backstageButton a {background:none; color:[[ColorPalette::Background]]; border:none;}
#backstageButton a:hover {background:[[ColorPalette::Foreground]]; color:[[ColorPalette::Background]]; border:none;}
#backstagePanel {background:[[ColorPalette::Background]]; border-color: [[ColorPalette::Background]] [[ColorPalette::TertiaryDark]] [[ColorPalette::TertiaryDark]] [[ColorPalette::TertiaryDark]];}
.backstagePanelFooter .button {border:none; color:[[ColorPalette::Background]];}
.backstagePanelFooter .button:hover {color:[[ColorPalette::Foreground]];}
#backstageCloak {background:[[ColorPalette::Foreground]]; opacity:0.6; filter:'alpha(opacity:60)';}
/*}}}*/
/*{{{*/
* html .tiddler {height:1%;}
body {font-size:.75em; font-family:arial,helvetica; margin:0; padding:0;}
h1,h2,h3,h4,h5,h6 {font-weight:bold; text-decoration:none;}
h1,h2,h3 {padding-bottom:1px; margin-top:1.2em;margin-bottom:0.3em;}
h4,h5,h6 {margin-top:1em;}
h1 {font-size:1.35em;}
h2 {font-size:1.25em;}
h3 {font-size:1.1em;}
h4 {font-size:1em;}
h5 {font-size:.9em;}
hr {height:1px;}
a {text-decoration:none;}
dt {font-weight:bold;}
ol {list-style-type:decimal;}
ol ol {list-style-type:lower-alpha;}
ol ol ol {list-style-type:lower-roman;}
ol ol ol ol {list-style-type:decimal;}
ol ol ol ol ol {list-style-type:lower-alpha;}
ol ol ol ol ol ol {list-style-type:lower-roman;}
ol ol ol ol ol ol ol {list-style-type:decimal;}
.txtOptionInput {width:11em;}
#contentWrapper .chkOptionInput {border:0;}
.externalLink {text-decoration:underline;}
.indent {margin-left:3em;}
.outdent {margin-left:3em; text-indent:-3em;}
code.escaped {white-space:nowrap;}
.tiddlyLinkExisting {font-weight:bold;}
.tiddlyLinkNonExisting {font-style:italic;}
/* the 'a' is required for IE, otherwise it renders the whole tiddler in bold */
a.tiddlyLinkNonExisting.shadow {font-weight:bold;}
#mainMenu .tiddlyLinkExisting,
#mainMenu .tiddlyLinkNonExisting,
#sidebarTabs .tiddlyLinkNonExisting {font-weight:normal; font-style:normal;}
#sidebarTabs .tiddlyLinkExisting {font-weight:bold; font-style:normal;}
.header {position:relative;}
.header a:hover {background:transparent;}
.headerShadow {position:relative; padding:4.5em 0em 1em 1em; left:-1px; top:-1px;}
.headerForeground {position:absolute; padding:4.5em 0em 1em 1em; left:0px; top:0px;}
.siteTitle {font-size:3em;}
.siteSubtitle {font-size:1.2em;}
#mainMenu {position:absolute; left:0; width:10em; text-align:right; line-height:1.6em; padding:1.5em 0.5em 0.5em 0.5em; font-size:1.1em;}
#sidebar {position:absolute; right:3px; width:16em; font-size:.9em;}
#sidebarOptions {padding-top:0.3em;}
#sidebarOptions a {margin:0em 0.2em; padding:0.2em 0.3em; display:block;}
#sidebarOptions input {margin:0.4em 0.5em;}
#sidebarOptions .sliderPanel {margin-left:1em; padding:0.5em; font-size:.85em;}
#sidebarOptions .sliderPanel a {font-weight:bold; display:inline; padding:0;}
#sidebarOptions .sliderPanel input {margin:0 0 .3em 0;}
#sidebarTabs .tabContents {width:15em; overflow:hidden;}
.wizard {padding:0.1em 1em 0em 2em;}
.wizard h1 {font-size:2em; font-weight:bold; background:none; padding:0em 0em 0em 0em; margin:0.4em 0em 0.2em 0em;}
.wizard h2 {font-size:1.2em; font-weight:bold; background:none; padding:0em 0em 0em 0em; margin:0.4em 0em 0.2em 0em;}
.wizardStep {padding:1em 1em 1em 1em;}
.wizard .button {margin:0.5em 0em 0em 0em; font-size:1.2em;}
.wizardFooter {padding:0.8em 0.4em 0.8em 0em;}
.wizardFooter .status {padding:0em 0.4em 0em 0.4em; margin-left:1em;}
.wizard .button {padding:0.1em 0.2em 0.1em 0.2em;}
#messageArea {position:fixed; top:2em; right:0em; margin:0.5em; padding:0.5em; z-index:2000; _position:absolute;}
.messageToolbar {display:block; text-align:right; padding:0.2em 0.2em 0.2em 0.2em;}
#messageArea a {text-decoration:underline;}
.tiddlerPopupButton {padding:0.2em 0.2em 0.2em 0.2em;}
.popupTiddler {position: absolute; z-index:300; padding:1em 1em 1em 1em; margin:0;}
.popup {position:absolute; z-index:300; font-size:.9em; padding:0; list-style:none; margin:0;}
.popup .popupMessage {padding:0.4em;}
.popup hr {display:block; height:1px; width:auto; padding:0; margin:0.2em 0em;}
.popup li.disabled {padding:0.4em;}
.popup li a {display:block; padding:0.4em; font-weight:normal; cursor:pointer;}
.listBreak {font-size:1px; line-height:1px;}
.listBreak div {margin:2px 0;}
.tabset {padding:1em 0em 0em 0.5em;}
.tab {margin:0em 0em 0em 0.25em; padding:2px;}
.tabContents {padding:0.5em;}
.tabContents ul, .tabContents ol {margin:0; padding:0;}
.txtMainTab .tabContents li {list-style:none;}
.tabContents li.listLink { margin-left:.75em;}
#contentWrapper {display:block;}
#splashScreen {display:none;}
#displayArea {margin:1em 17em 0em 14em;}
.toolbar {text-align:right; font-size:.9em;}
.tiddler {padding:1em 1em 0em 1em;}
.missing .viewer,.missing .title {font-style:italic;}
.title {font-size:1.6em; font-weight:bold;}
.missing .subtitle {display:none;}
.subtitle {font-size:1.1em;}
.tiddler .button {padding:0.2em 0.4em;}
.tagging {margin:0.5em 0.5em 0.5em 0; float:left; display:none;}
.isTag .tagging {display:block;}
.tagged {margin:0.5em; float:right;}
.tagging, .tagged {font-size:0.9em; padding:0.25em;}
.tagging ul, .tagged ul {list-style:none; margin:0.25em; padding:0;}
.tagClear {clear:both;}
.footer {font-size:.9em;}
.footer li {display:inline;}
.annotation {padding:0.5em; margin:0.5em;}
* html .viewer pre {width:99%; padding:0 0 1em 0;}
.viewer {line-height:1.4em; padding-top:0.5em;}
.viewer .button {margin:0em 0.25em; padding:0em 0.25em;}
.viewer blockquote {line-height:1.5em; padding-left:0.8em;margin-left:2.5em;}
.viewer ul, .viewer ol {margin-left:0.5em; padding-left:1.5em;}
.viewer table, table.twtable {border-collapse:collapse; margin:0.8em 1.0em;}
.viewer th, .viewer td, .viewer tr,.viewer caption,.twtable th, .twtable td, .twtable tr,.twtable caption {padding:3px;}
table.listView {font-size:0.85em; margin:0.8em 1.0em;}
table.listView th, table.listView td, table.listView tr {padding:0px 3px 0px 3px;}
.viewer pre {padding:0.5em; margin-left:0.5em; font-size:1.2em; line-height:1.4em; overflow:auto;}
.viewer code {font-size:1.2em; line-height:1.4em;}
.editor {font-size:1.1em;}
.editor input, .editor textarea {display:block; width:100%; font:inherit;}
.editorFooter {padding:0.25em 0em; font-size:.9em;}
.editorFooter .button {padding-top:0px; padding-bottom:0px;}
.fieldsetFix {border:0; padding:0; margin:1px 0px 1px 0px;}
.sparkline {line-height:1em;}
.sparktick {outline:0;}
.zoomer {font-size:1.1em; position:absolute; overflow:hidden;}
.zoomer div {padding:1em;}
* html #backstage {width:99%;}
* html #backstageArea {width:99%;}
#backstageArea {display:none; position:relative; overflow: hidden; z-index:150; padding:0.3em 0.5em 0.3em 0.5em;}
#backstageToolbar {position:relative;}
#backstageArea a {font-weight:bold; margin-left:0.5em; padding:0.3em 0.5em 0.3em 0.5em;}
#backstageButton {display:none; position:absolute; z-index:175; top:0em; right:0em;}
#backstageButton a {padding:0.1em 0.4em 0.1em 0.4em; margin:0.1em 0.1em 0.1em 0.1em;}
#backstage {position:relative; width:100%; z-index:50;}
#backstagePanel {display:none; z-index:100; position:absolute; margin:0em 3em 0em 3em; padding:1em 1em 1em 1em;}
.backstagePanelFooter {padding-top:0.2em; float:right;}
.backstagePanelFooter a {padding:0.2em 0.4em 0.2em 0.4em;}
#backstageCloak {display:none; z-index:20; position:absolute; width:100%; height:100px;}
.whenBackstage {display:none;}
.backstageVisible .whenBackstage {display:block;}
/*}}}*/
/***
StyleSheet for use when a translation requires any css style changes.
This StyleSheet can be used directly by languages such as Chinese, Japanese and Korean which use a logographic writing system and need larger font sizes.
***/
/*{{{*/
body {font-size:0.8em;}
#sidebarOptions {font-size:1.05em;}
#sidebarOptions a {font-style:normal;}
#sidebarOptions .sliderPanel {font-size:0.95em;}
.subtitle {font-size:0.8em;}
.viewer table.listView {font-size:0.95em;}
.htmlarea .toolbarHA table {border:1px solid ButtonFace; margin:0em 0em;}
/*}}}*/
/*{{{*/
@media print {
#mainMenu, #sidebar, #messageArea, .toolbar, #backstageButton {display: none ! important;}
#displayArea {margin: 1em 1em 0em 1em;}
/* Fixes a feature in Firefox 1.5.0.2 where print preview displays the noscript content */
noscript {display:none;}
}
/*}}}*/
<!--{{{-->
<div class='header' macro='gradient vert [[ColorPalette::PrimaryLight]] [[ColorPalette::PrimaryMid]]'>
<div class='headerShadow'>
<span class='siteTitle' refresh='content' tiddler='SiteTitle'></span>
<span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'></span>
</div>
<div class='headerForeground'>
<span class='siteTitle' refresh='content' tiddler='SiteTitle'></span>
<span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'></span>
</div>
</div>
<div id='mainMenu' refresh='content' tiddler='MainMenu'></div>
<div id='sidebar'>
<div id='sidebarOptions' refresh='content' tiddler='SideBarOptions'></div>
<div id='sidebarTabs' refresh='content' force='true' tiddler='SideBarTabs'></div>
</div>
<div id='displayArea'>
<div id='messageArea'></div>
<div id='tiddlerDisplay'></div>
</div>
<!--}}}-->
<!--{{{-->
<div class='toolbar' macro='toolbar closeTiddler closeOthers +editTiddler > fields syncing permalink references jump'></div>
<div class='title' macro='view title'></div>
<div class='tagging' macro='tagging'></div>
<div class='tagged' macro='tags'></div>
<div class='viewer' macro='view text wikified'></div>
<div class='tagClear'></div>
<!--}}}-->
<!--{{{-->
<div class='toolbar' macro='toolbar +saveTiddler -cancelTiddler deleteTiddler'></div>
<div class='title' macro='view title'></div>
<div class='editor' macro='edit title'></div>
<div macro='annotations'></div>
<div class='editor' macro='edit text'></div>
<div class='editor' macro='edit tags'></div><div class='editorFooter'><span macro='message views.editor.tagPrompt'></span><span macro='tagChooser'></span></div>
<!--}}}-->
To get started with this blank TiddlyWiki, you'll need to modify the following tiddlers:
* SiteTitle & SiteSubtitle: The title and subtitle of the site, as shown above (after saving, they will also appear in the browser title bar)
* MainMenu: The menu (usually on the left)
* DefaultTiddlers: Contains the names of the tiddlers that you want to appear when the TiddlyWiki is opened
You'll also need to enter your username for signing your edits: <<option txtUserName>>
These InterfaceOptions for customising TiddlyWiki are saved in your browser
Your username for signing your edits. Write it as a WikiWord (eg JoeBloggs)
<<option txtUserName>>
<<option chkSaveBackups>> SaveBackups
<<option chkAutoSave>> AutoSave
<<option chkRegExpSearch>> RegExpSearch
<<option chkCaseSensitiveSearch>> CaseSensitiveSearch
<<option chkAnimate>> EnableAnimations
----
Also see AdvancedOptions
Secure initial pairing of electronic gadgets is a challenging problem, especially considering lack of any common security infrastructure. The main security issue is the threat of so-called ~Man-in-the-Middle (~MiTM) attacks, whereby an attacker inserts itself into the pairing protocol by impersonating one of the legitimate parties. A number of interesting techniques have been proposed, all of which involve the user in the pairing process. However, they are inapplicable to many common scenarios where devices to-be-paired do not possess required interfaces, such as displays, speakers, cameras or microphones.
In this project, we introduce BEDA (~Button-Enabled Device Association), a protocol suite for secure pairing devices with minimal user interfaces. The most common and minimal interface available on wide variety of devices is a single button. BEDA protocols can accommodate pairing scenarios where one (or even both) devices only have a single button as their user interface". Our usability study demonstrates that BEDA protocols involve very little human burden and are quite suitable for ordinary users.
!!!Related Publications
*Claudio Soriente, Gene Tsudik, Ersin Uzun. “[[BEDA: Button Enabled Device Pairing|http://www.ersinuzun.com/pub/BEDA.pdf]]”, International Workshop on Security for Spontaneous Interaction (IWSSI 2007) and UBICOMP 2007 workshop proceedings.
*Claudio Soriente, Gene Tsudik, Ersin Uzun, “[[Secure Pairing of Interface constrained Devices|http://www.ersinuzun.com/pub/IJSN-Soriente.pdf]]”, in International Journal on Security and Networks, Vol.4 No.1, 2009.
Introduction
Projects
People
Comparative usability tests are useful when the optimal user interface needs to be selected from several alternatives. However, performing comparative
usability tests is laborious, especially for distributed applications. In this extended abstract we present a usability test framework for one distributed application type: pairing methods. Using this framework developing new user interfaces for pairing methods and testing them for usability is easy and fast. Our framework also supports automated test sessions, event logging and error condition simulation.
!!!Related Publications
*Kari Kostiainen, Ersin Uzun, N. Asokan, Philip Ginzboorg, "[[Framework For Comparative Usability Testing of Distributed Applications|http://www.ersinuzun.com/pub/NRC-TR-2007-005.pdf]]", Technical Report, Nokia Research Center 2007. [[Extended abstract|http://sconce.ics.uci.edu/CUF/ex_abs.pdf]] appeared in Security User Studies: Methodologies and Best Practices Workshop in CHI'07.
The number and diversity of electronic gadgets has been steadily increasing and they are becoming indispensable to more and more professionals and non-professionals alike. At the same time, there has been fairly little progress in secure pairing of such devices. The pairing challenge revolves
around establishing on-the-fly secure communication without any trusted (on- or off-line) third parties between devices that have no prior association. The main security issue is the danger of so-called ~Man-in-the-Middle (~MiTM) attacks, whereby an adversary impersonates one of the devices by inserting itself into the pairing protocol. One basic approach to countering these ~MiTM attacks is to involve the user in the pairing process. Therein lies the usability challenge since it is natural to minimize user burden. Previous research yielded some interesting secure pairing techniques, some of which ask too much of the human user, while others assume availability of specialized equipment (e.g., wires, photo or video cameras) on devices. Furthermore, all prior methods assumed the existence of a common digital (human-imperceptible) communication medium, such as infrared, 802.11 or Bluetooth.
In this project we introduce a very simple technique called HAPADEP (~Human-Assisted Pure Audio Device Pairing). It places very little burden on the human user and requires no common means of electronic communication. Instead, HAPADEP uses the audio channel to exchange both data
and verification information among devices. It makes secure pairing possible even if devices are equipped only with a microphone and a speaker. Despite its simplicity, HAPADEP offers better user experience by eliminating the need to set-up a wireless communication (such as bluetooth or ~Wi-Fi) first and provides end-users easy to verify security controls.
!!!Related Publications
*Claudio Soriente, Gene Tsudik, Ersin Uzun. “[[HAPADEP: Human-Assisted Pure Audio (Secure) Device Pairing|http://portal.acm.org/citation.cfm?id=1432478.1432514&coll=ACM&dl=ACM]]”, in proceedings of the 11th international conference on Information Security (ISC’08).
*M.T. Goodrich, M. Sirivianos, J. Solis, C. Soriente, G. Tsudik, E. Uzun, “[[Using Audio in Secure Device Pairing|http://www.ersinuzun.com/pub/IJSN-Goodrich.pdf]]”, in International Journal on Security and Networks, Vol.4 No.1, 2009.
The SPROUT Usable Security Project began in Spring 2006 to increase the usability in security software. The security research community has become increasingly aware that the better usability is a key element to achieve better security. Thanks to recent advances in cryptography research, the tools and protocols available today are the least concern for security. What really determines the security of a software system today is the correct implementation and usage of those cryptographic tools and compliance of the end-user to the expected behavior.
Security software often depends on the end-user for critical tasks and decisions to function properly. However, usability problems in such software may result in severe vulnerabilities. As identified by the Computing Research Association in 2003; "Giving end-users security controls they can understand and privacy they can control for the dynamic, pervasive computing environments of the future." is one of the four grand challenges in computer science and we, as SPROUT Usable Security Group, address this grand challenge in different application domains. Our mission is analyzing current solutions in different application domains for usability problems and inventing better solutions or developing new cryptographic tools and/or user interfaces that would improve the usability and security of them.
!!!This research is supported by:
*NSF Grant "~CNS-1544373: The Effect of Sensory Stimuli on the Performance of ~Security-Critical Tasks".
*NSF Grant, "~CT-ISG-0831526: ~User-Aided Secure Association of Wireless Devices".
*Google Research Award, "Secure and Usable Group Association of Personal Wireless Devices".
We would like to also thank Nokia and NXP Semiconductors for providing us the various devices used in our user studies.
Secure pairing of electronic devices that lack any previous association is a challenging problem which has been considered in many contexts and in various flavors. In this project, we investigate the use of the audio channel for ~human-assisted authentication of previously ~un-associated devices. We develop and evaluate a system we call ~Loud-and-Clear (L&C) which places very little demand on the human user. L&C involves the use of a text-to-speech (TTS) engine to for vocalizing a robust-sounding and syntactically-correct (English-like) sentence derived from the hash of a device’s public key. By coupling vocalization on one device with the display of the same information on another device, we demonstrate that L&C is suitable for secure device pairing (e.g., key exchange) and similar tasks. We also describe several common use cases, provide some performance data for our prototype implementation and discuss the security properties of L&C.
!!!Related Publications
*Michael T. Goodrich, Michael Sirivianos, John Solis, Gene Tsudik, and Ersin Uzun, "[[Loud And Clear Human-Verifiable Authentication Based on Audio|http://www.ersinuzun.com/pub/icdcs.pdf]]", Proceedings of IEEE ICDCS'06.
*M.T. Goodrich, M. Sirivianos, J. Solis, C. Soriente, G. Tsudik, E. Uzun, “[[Using Audio in Secure Device Pairing|http://www.ersinuzun.com/pub/IJSN-Goodrich.pdf]]”, in International Journal on Security and Networks, Vol.4 No.1, 2009.
[[Introduction]]
[[Projects]]
[[Publications]]
[[People]]
!News
!!!!Magazine Article Published
!!!December 2017
"An Exploration of the Effects of Sensory Stimuli on the Completion of Security Tasks" authored by Bruce Berg, Tyler Kaczmarek, Alfred Kobsa and Gene Tsudik is accepted to appear in November/December Issue of IEEE Security & Privacy
!!!!Conference Paper Accepted
!!!April 2017
"Lights, Camera, Action! Exploring Effects of Visual Distractions on Completion of Security Tasks" authored by Bruce Berg, Tyler Kaczmarek, Alfred Kobsa and Gene Tsudik is accepted to appear in The 15th International Conference on Applied Cryptography and Network Security (ACNS 2017)
!!!!Workshop Paper Accepted
!!!January 2015
"An Unattended Study of Users Performing Security Critical Tasks Under Adversarial Noise" authored by Tyler Kaczmarek, Alfred Kobsa, Robert Sy, and Gene Tsudik is accepted to appear in the NDSS Workshop on Usable Security, 2015 (USEC 2015)
!!!June 2010
!!!!Conference Paper Accepted
"Readers Behaving Badly: Reader Revocation in PKI Based RFID Systems" authored by Rishab Nithyanand, Gene Tsudik, and Ersin Uzun, is accepted to appear at the 15th European Symposium on Research in Computer Security (ESORICS 2010).
!!!May 2010
!!!!Conference Paper Accepted
"~GroupThink: On the Usability of Secure Group Association of Wireless Devices" authored by Rishab Nithyanand, Nitesh Saxena, Gene Tsudik, and Ersin Uzun is accepted to appear at the 12th ACM International Conference on Ubiquitous Computing (~UbiComp 2010).
!!!!Poster Accepted
A poster "Check the Date: Reader Revocation in PKI Based RFID Systems" will be presented at the 31st IEEE Symposium of Security and Privacy.
!!!December 2009
!!!!Google Research Award
Gene Tsudik and Ersin Uzun have been awarded a Google Research Award for $50,000 for a research effort entitled "Secure and Usable Group Association of Personal Wireless Devices."
!!!August 2009
!!!!Journal Paper Accepted
"A Comparative Study of Secure Device Pairing Methods" authored by Arun Kumar, Nitesh Saxena, Gene Tsudik, and Ersin Uzun is accepted to appear in Pervasive and Mobile Computing Journal (PMC).
!!!!Conference Paper Accepted
"On the Usability of Secure Association of Wireless Devices Based On Distance Bounding" authored by Mario Cagalj, Nitesh Saxena, and Ersin Uzun, is accepted to appear in The 8th International Conference on Cryptology And Network Security (CANS'09).
!!!NSF Cybertrust Award
Gene Tsudik and Alfred Kobsa, in conjunction with Nitesh Saxena (Assistant Professor of Computer Science at NYU/Polytechnic and a SCONCE alumnus), have been awarded a $460,000 grant from the NSF Cybertrust program for a collaborative project titled: "~User-Aided Secure Association of Wireless Devices".
The grant will be used to research and design: (1) pairing methods suitable for common devices and the general user population, (2) secure pairing techniques for personal RFID tags, and (3) user-friendly, scalable and secure methods for sensor initialization.
SideBarOptions
OptionsPanel
AdvancedOptions
SideBarTabs
[[News]]
<!--{{{-->
<div class='header' macro='gradient vert [[ColorPalette::PrimaryLight]] [[ColorPalette::PrimaryMid]]'>
<div class='headerShadow'>
<span class='siteTitle' refresh='content' tiddler='SiteTitle'></span>
<span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'></span>
</div>
<div class='headerForeground'>
<span class='siteTitle' refresh='content' tiddler='SiteTitle'></span>
<span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'></span>
</div>
</div>
<div id='mainMenu' refresh='content' tiddler='MainMenu'></div>
<div id='sidebar'>
<div id='sidebarOptions' refresh='content' tiddler='News'></div>
<div id='sidebarTabs' refresh='content' force='true' tiddler=''></div>
</div>
<div id='displayArea'>
<div id='messageArea'></div>
<div id='tiddlerDisplay'></div>
</div>
<!--}}}-->
!!Current Members
[[Tyler Kaczmarek | http://sprout.ics.uci.edu/people/tkaczmar/index.html]]
[[Gene Tsudik|http://www.ics.uci.edu/~gts/]]
[[Alfred Kobsa|http://www.ics.uci.edu/~kobsa/]]
[[Bruce Berg|http://www.faculty.uci.edu/profile.cfm?faculty_id=2558]]
!!Alumni
[[Nitesh Saxena|http://saxena.cis.uab.edu/]]
[[Ersin Uzun|http://www.ersinuzun.com]]
[[Rishab Nithyanand|http://www.ics.uci.edu/~rishabn]]
[[Yang Wang|http://www.ics.uci.edu/~yangwang/]]
!!Current Project
* [[Effect of Adversarial Noise on Completion of Security Critical Tasks]]
!!Past Projects
* [[Usability Analysis of Device Pairing Methods]]
* [[Securing Personal RFID Tags and Infrastructures]]
* [[Framework For Comparative Usability Testing of Distributed Applications]]
* [[Loud and Clear]]
* [[HAPADEP]]
* [[BEDA]]
Related publications are also listed under each project.
!!!2020
*Bruce Berg, Tyler Kaczmarek, Alfred Kobsa, Gene Tsudik, "[[Exploring Effects of Auditory Stimuli on CAPTCHA Performance|http://www.usablesecurity.net/USEC/asiausec20/papers/AsiaUSEC20_paper_17.pdf]]" in Asia Workshop on Usable Security (AsiaUSEC 2020)
!!!2017
*Bruce Berg, Tyler Kaczmarek, Alfred Kobsa, Gene Tsudik, "[[An Exploration of the Effects of Sensory Stimuli on the Completion of Security Tasks|http://ieeexplore.ieee.org/document/8123485/?part=1]]" in IEEE Security 7 Privacy Magazine, volume 15, issue 6
*Bruce Berg, Tyler Kaczmarek, Alfred Kobsa, Gene Tsudik, "[[Lights, Camera, Action! Exploring Effects of Visual Distractions on Completion of Security Tasks|http://sprout.ics.uci.edu/pubs/Vision-Sec.pdf]]" in proceedings of The 15th International Conference on Applied Cryptography and Network Security (ACNS 2017)
!!!2015
*Tyler Kaczmarek, Alfred Kobsa, Gene Tsudik, "[[An Unattended Study of Users Performing Security Critical Tasks Under Adversarial Noise|http://www.ics.uci.edu/~gts/paps/noise-USEC15.pdf]]" in proceedings of the NDSS Workshop on Usable Security, 2015 (USEC 2015)
!!!2010
*Rishab Nithyanand, Gene Tsudik, Ersin Uzun, "[[Readers Behaving Badly: Reader Revocation in PKI-Based RFID Systems|http://eprint.iacr.org/2009/465.pdf]]", in proceedings of the 15th European Symposium on Research in Computer Security (ESORICS 2010), Sept 2010.
*Rishab Nithyanand, Nitesh Saxena, Gene Tsudik, Ersin Uzun. "[[ GroupThink: On the Usability of Secure Group Association of Wireless Devices"|http://www.ics.uci.edu/~euzun/pub/group.pdf]]", in proceedings of the 12th ACM International Conference on Ubiquitous Computing (~UbiComp 2010), Sept 2010.
*Rishab Nithyanand, Gene Tsudik, Ersin Uzun, "[[Check The Date: Reader Revocation in PKI-Based RFID Systems|http://www.ics.uci.edu/~euzun/pub/SP_poster_abs.pdf]]", poster at the 31st IEEE Symposium on Security and Privacy, May 2010.
!!!2009
*Arun Kumar, Nitesh Saxena, Gene Tsudik, Ersin Uzun. "[[A Comparative Study of Secure Device Pairing Methods|http://www.ersinuzun.com/pub/pmc.pdf]]", Pervasive and Mobile Computing Journal (PMC), Dec. 2009.
*Alfred Kobsa, Rahim Sonawalla, Gene Tsudik, Ersin Uzun, Yang Wang. “[[Serial Hook-Ups: A Comparative Usability Study of Secure Device Pairing Methods|http://www.ersinuzun.com/pub/soups09.pdf]]”, in proceedings of the 5th Symposium on Usable Privacy and Security (SOUPS’09)
*Arun Kumar, Nitesh Saxena, Gene Tsudik, Ersin Uzun. “[[Caveat Emptor: A Comparative Study of Secure Device Pairing Methods|http://www.ersinuzun.com/pub/caveat.pdf]]”, in the proceedings of the 7th Annual IEEE International Conference on Pervasive Computing and Communications (IEEE ~PerCom’09).
*Mario Cagalj, Nitesh Saxena, Ersin Uzun. "On the Usability of Secure Association of Wireless Devices Based On Distance Bounding", in the proceedings of the 8th International Conference on Cryptology And Network Security (CANS'09).
*M.T. Goodrich, M. Sirivianos, J. Solis, C. Soriente, G. Tsudik, E. Uzun, “[[Using Audio in Secure Device Pairing|http://www.ersinuzun.com/pub/IJSN-Goodrich.pdf]]”, in International Journal on Security and Networks, Vol.4 No.1, 2009.
*Claudio Soriente, Gene Tsudik, Ersin Uzun, “[[Secure Pairing of Interface constrained Devices|http://www.ersinuzun.com/pub/IJSN-Soriente.pdf]]”, in International Journal on Security and Networks, Vol.4 No.1, 2009.
!!!2008
*Claudio Soriente, Gene Tsudik, Ersin Uzun. “[[HAPADEP: Human-Assisted Pure Audio (Secure) Device Pairing|http://portal.acm.org/citation.cfm?id=1432478.1432514&coll=ACM&dl=ACM]]”, in proceedings of the 11th international conference on Information Security (ISC’08).
!!!2007
*Claudio Soriente, Gene Tsudik, Ersin Uzun. “[[BEDA: Button Enabled Device Pairing|http://www.ersinuzun.com/pub/BEDA.pdf]]”, in the proceedings of the International Workshop on Security for Spontaneous Interaction (IWSSI 2007) and UBICOMP 2007 workshops.
*Ersin Uzun, Kristiina Karvonen, N. Asokan, "[[Usability Analysis of Secure Pairing Methods|http://www.ersinuzun.com/pub/EU-USEC07.pdf]]", in USEC'07. ([[Technical Report|http://www.ics.uci.edu/~euzun/pub/NRC-TR-2007-002.pdf]], Nokia Research 2007) ([[Presentation Slides|http://www.ersinuzun.com/presentations/Usability-of-pairing.pdf]])
*Kari Kostiainen, Ersin Uzun, N. Asokan, Philip Ginzboorg, "[[Framework For Comparative Usability Testing of Distributed Applications|http://www.ersinuzun.com/pub/NRC-TR-2007-005.pdf]]", Technical Report, Nokia Research Center 2007. [[Extended abstract|http://sconce.ics.uci.edu/CUF/ex_abs.pdf]] appeared in Security User Studies: Methodologies and Best Practices Workshop in CHI'07.
!!!2006
*Michael T. Goodrich, Michael Sirivianos, John Solis, Gene Tsudik, and Ersin Uzun, "[[Loud And Clear Human-Verifiable Authentication Based on Audio|http://www.ersinuzun.com/pub/icdcs.pdf]]", in the proceedings of IEEE ICDCS 2006.
The recent emergence of RFID tags that are capable of performing high level cryptographic operations (including public key operations) motivates new RFID applications, including electronic travel documents, identification cards, and payment instruments. This has introduced a new class of RFID tags which store sensitive owner specific data (e.g., biometrics) -- i.e., personal RFID tags.
The primary task of these tags is to identify and authenticate their authorized holders to authorized RFID readers . In such settings, we observe an important feature that distinguishes these tags from the more traditional RFID tags used in supply chain and inventory management is the involvement of a human user and the sensitive nature of data contained in the tags.
We take advantage of the user's awareness and presence to construct simple, efficient, secure, feasible, and (most importantly) usable solutions for important, yet largely ignored problems in such RFID systems. These include RFID reader revocation status checking in RFID public key infrastructures, secure user-to-tag authentication, and transaction verification in RFID enabled payment instruments.
We also evaluate the usability and practical security of each of our solutions via usability studies which include online surveys and actual tests using prototypes. Our approach to solving the above mentioned problems takes advantage of new low-power technologies such as OLED, ePaper, and other more recent advances in hardware integration on RFID tags. We use these technologies to improve security by applying them to establish secure I/O channels for communication between the tag owner, the personal tag, and the reader.
!!!Related Publications
*Rishab Nithyanand, Gene Tsudik, Ersin Uzun, "[[Readers Behaving Badly: Reader Revocation in PKI-Based RFID Systems|http://eprint.iacr.org/2009/465.pdf]]", in proceedings of the 15th European Symposium on Research in Computer Security (ESORICS 2010), Sept 2010.
*Rishab Nithyanand, Gene Tsudik, Ersin Uzun, "[[Check The Date: Reader Revocation in PKI-Based RFID Systems|http://www.ersinuzun.com/pub/SP_poster_abs.pdf]]", poster at the 31st IEEE Symposium on Security and Privacy, May 2010.
improving usability for better security
SPROUT Usable Security Group
http://sprout.ics.uci.edu/projects/usec/usec.html
User errors while performing security-critical tasks can lead to undesirable or even disastrous consequences. One major factor influencing mistakes and failures is complexity of such tasks, which has been studied extensively in prior research. Another important issue which hardly received any attention is the impact of both accidental and intended distractions on users performing security-critical tasks. In particular, it is unclear whether, and to what extent, unexpected sensory cues (e.g., auditory or visual) can influence user behavior and/or trigger mistakes. Better understanding of the effects of intended distractions will help clarify their role in adversarial models. In this project, we seek to define the impacts that the inclusion of adversarial noise has on user performance in the completion of these security critical tasks.
!!!Related Publications
*Bruce Berg, Tyler Kaczmarek, Alfred Kobsa, Gene Tsudik, "[[An Exploration of the Effects of Sensory Stimuli on the Completion of Security Tasks|http://ieeexplore.ieee.org/document/8123485/?part=1]]" in IEEE Security 7 Privacy Magazine, volume 15, issue 6
*Bruce Berg, Tyler Kaczmarek, Alfred Kobsa and Gene Tsudik. "[[Lights, Camera, Action! Exploring Effects of Visual Distractions on Completion of Security Tasks"|http://sprout.ics.uci.edu/pubs/Vision-Sec.pdf]]", in proceedings of The 15th International Conference on Applied Cryptography and Network Security, July 2017.
*Tyler Kaczmarek, Alfed Kobsa, Robert Sy, Gene Tsudik. "[[An Unattended Study of Users Performing Security Critical Tasks Under Adversarial Noise"|http://www.ics.uci.edu/~kobsa/papers/2015-NDSS-USEC-Kobsa.pdf]]", in proceedings of NDSS Workshop on Usable Security 2015 (USEC 2015), Feb 2015.
Setting up security associations between end-user devices is a challenging task when it needs to be done by ordinary users. The increasing popularity of powerful personal electronics with wireless communication abilities has made the problem more urgent than ever before. During the last few years, several solutions have appeared in the research literature. Several standardization bodies have also been working on improved setup procedures. All these protocols provide certain level of security, but several new questions arise, such as “how to implement this protocol so that it is easy to use?” and “is it still secure when used by a non-technical person?” In this project, we attempt to answer these questions by carrying out a comparative usability evaluation of selected methods to derive some insights into the usability and security of these methods as well as strategies for implementing them.
!!!Related Publications
*Rishab Nithyanand, Nitesh Saxena, Gene Tsudik, Ersin Uzun. "[[ GroupThink: On the Usability of Secure Group Association of Wireless Devices"|http://www.ics.uci.edu/~euzun/pub/group.pdf]]", in proceedings of the 12th ACM International Conference on Ubiquitous Computing (~UbiComp 2010), Sept 2010.
*Arun Kumar, Nitesh Saxena, Gene Tsudik, Ersin Uzun. "[[A Comparative Study of Secure Device Pairing Methods|http://www.ersinuzun.com/pub/pmc.pdf]]", Pervasive and Mobile Computing Journal (PMC), Dec. 2009.
*Alfred Kobsa, Rahim Sonawalla, Gene Tsudik, Ersin Uzun, Yang Wang. “[[Serial Hook-Ups: A Comparative Usability Study of Secure Device Pairing Methods|http://www.ersinuzun.com/pub/soups09.pdf]]”, in proceedings of The Fifth Symposium on Usable Privacy and Security (SOUPS’09).
*Arun Kumar, Nitesh Saxena, Gene Tsudik, Ersin Uzun. “[[Caveat Emptor: A Comparative Study of Secure Device Pairing Methods|http://www.ersinuzun.com/pub/caveat.pdf]]”, in proceedings of the 7th Annual IEEE International Conference on Pervasive Computing and Communications (IEEE ~PerCom’09).
*Mario Cagalj, Nitesh Saxena, Ersin Uzun. "On the Usability of Secure Association of Wireless Devices Based On Distance Bounding".in proceedings of the 8th International Conference on Cryptology And Network Security (CANS'09).
*Ersin Uzun, Kristiina Karvonen, N. Asokan, "[[Usability Analysis of Secure Pairing Methods|http://www.ersinuzun.com/pub/EU-USEC07.pdf]]", in USEC'07. ([[Technical Report|http://www.ersinuzun.com/pub/NRC-TR-2007-002.pdf]], Nokia Research 2007) ([[Presentation Slides|http://www.ersinuzun.com/presentations/Usability-of-pairing.pdf]])
<!--{{{-->
<div class='toolbar' macro='toolbar closeTiddler closeOthers +editTiddler' ></div>
<div class='title' macro='view title'></div>
<div class='viewer' macro='view text wikified'></div>
<!--}}}-->