cylab news
CyLab Researchers Win “Best Paper” Award at Prestigious MobiSys 2009
“SPATE: Small-group PKI-less Authenticated Trust Establishment” has been named Best Paper at MobiSys 2009.
The five of the paper’s ten authors, including Adrian Perrig, CyLab Technical Director, graduate student Ahren Studer, and Jonathan McCune, also of CyLab, are Carnegie Mellon researchers. SPATE’s other authors include Yue-Hsun Lin, National Tsing-Hua University; King-Hang Wang, National Tsing-Hua University; Maxwell Krohn, Carnegie Mellon University; Phen-Lan Lin, Providence University; Hung-Min Sun, National Tsing-Hua University; and Bo-Yin Yang, Academia Sinica.
MobiSys 2009, the 7th Annual International Conference on Mobile Systems, Applications and Services was held from June 22 to June 25, 2009 in Kraków, Poland. The event, jointly sponsored by ACM SIGMOBILE and the USENIX Association, focused on “innovative and significant research on the design, implementation, usage, and evaluation of mobile computing and wireless systems, applications, and services.”
Here are two excerpts from “SPATE: Small-group PKI-less Authenticated Trust Establishment,” followed by a link to the full text:
Establishing trust between a group of individuals remains a difficult problem. Prior works assume trusted infrastructure, require an individual to trust unknown entities, or provide relatively low probabilistic guarantees of authenticity (95% for realistic settings). This work presents SPATE, a primitive that allows users to establish trust via device mobility and physical interaction. Once the SPATE protocol runs to completion, its participants’ mobile devices have authentic data that their applications can use to interact securely (i.e., the probability of a successful attack is 2-24). For this work, we leverage SPATE as part of a larger system to facilitate efficient, secure, and user-friendly collaboration via email and file-sharing services. Our implementation of SPATE on Nokia N70 smartphones allows users to establish trust in small groups of up to eight users in less than one minute. The two example SPATE applications provide increased security with no overhead noticeable to users once keys are established …
The foundation of the SPATE system is the SPATE protocol, which runs on mobile phones with the objective of sharing authenticated data among members of a small group. Participants initiate the protocol by invoking an application on their phones and indicating the number of people in the group. The phones then exchange information via Bluetooth. The danger in this scenario is a Man-in-the-Middle (MitM) attack, by which a nearby adversary can inject inauthentic data into the exchange. To prevent such an attack, at the end of the protocol, all mobile devices check that they received the correct number of data items and display a visual hash function [13,33] computed over the exchanged data. The participants check that all devices agree on the hash. If both checks succeed, then the group participants have guarantees that: (1) each participant contributed exactly one data element to the collective; (2) that no one outside the group contributed data; and (3) the data distributed.
To read the full text, download the PDF version of the paper.