DOI: 10.1145/2750858.2807521

Checksum gestures: continuous gestures as an out-of-band channel for secure pairing

Published: 07 September 2015

Abstract

We propose the use of a single continuous gesture as a novel, intuitive, and efficient mechanism to authenticate a secure communication channel. Our approach builds on a novel algorithm for encoding authentication information (at least 20 bits) as a single continuous gesture, referred to as a checksum gesture. By asking the user to perform the generated gesture, a secure channel can be authenticated. Results from a controlled user experiment (N = 13 participants, 1022 trials) demonstrate the feasibility of our technique, showing a success rate of over 90% in establishing a secure communication channel despite relying on complex gesture patterns. The authentication times of our method are more than threefold faster than those of previous gesture-based solutions. The average execution time of a gesture is 5.7 seconds in our study, which is comparable to the input time of conventional text-input-based PIN authentication. Our approach is particularly well suited to scenarios involving wearable devices that lack conventional input capabilities, e.g., pairing a smartwatch with an interactive display.



Published In

UbiComp '15: Proceedings of the 2015 ACM International Joint Conference on Pervasive and Ubiquitous Computing
September 2015
1302 pages
ISBN:9781450335744
DOI:10.1145/2750858
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. authentication
  2. device association
  3. gesture encoding
  4. gesture interaction
  5. usable security

Qualifiers

  • Research-article

Conference

UbiComp '15
Sponsor:
  • Yahoo! Japan
  • SIGMOBILE
  • FX Palo Alto Laboratory, Inc.
  • ACM
  • Rakuten Institute of Technology
  • Microsoft
  • Bell Labs
  • SIGCHI
  • Panasonic
  • Telefónica
  • ISTC-PC

Acceptance Rates

UbiComp '15 Paper Acceptance Rate 101 of 394 submissions, 26%;
Overall Acceptance Rate 764 of 2,912 submissions, 26%

Cited By

  • (2024) OOBKey: Key Exchange with Implantable Medical Devices Using Out-Of-Band Channels. Proceedings of the 19th International Conference on Availability, Reliability and Security, pp. 1-13. DOI: 10.1145/3664476.3670876. Online publication date: 30-Jul-2024
  • (2024) Exploring a Secure Device Pairing Using Human Body as a Conductor. IEEE Transactions on Mobile Computing 23:12, pp. 12097-12112. DOI: 10.1109/TMC.2024.3406016. Online publication date: Dec-2024
  • (2024) Cop: Continuously Pairing of Heterogeneous Wearable Devices Based on Heartbeat. Knowledge Science, Engineering and Management, pp. 261-273. DOI: 10.1007/978-981-97-5498-4_20. Online publication date: 27-Jul-2024
  • (2022) AEROKEY. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 6:1, pp. 1-29. DOI: 10.1145/3517254. Online publication date: 29-Mar-2022
  • (2022) Enabling secure touch-to-access device pairing based on human body's electrical response. Proceedings of the 28th Annual International Conference on Mobile Computing And Networking, pp. 556-569. DOI: 10.1145/3495243.3564146. Online publication date: 14-Oct-2022
  • (2020) VibeRing. Proceedings of the 10th International Conference on the Internet of Things, pp. 1-8. DOI: 10.1145/3410992.3410995. Online publication date: 6-Oct-2020
  • (2020) T2Pair: Secure and Usable Pairing for Heterogeneous IoT Devices. Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, pp. 309-323. DOI: 10.1145/3372297.3417286. Online publication date: 30-Oct-2020
  • (2019) Using vibrations from a SmartRing as an out-of-band channel for sharing secret keys. Adjunct Proceedings of the 2019 ACM International Joint Conference on Pervasive and Ubiquitous Computing and Proceedings of the 2019 ACM International Symposium on Wearable Computers, pp. 198-201. DOI: 10.1145/3341162.3343818. Online publication date: 9-Sep-2019
  • (2019) Listen!: Audio-based Smart IoT Device Pairing Protocol. 2019 IEEE 19th International Conference on Communication Technology (ICCT), pp. 391-397. DOI: 10.1109/ICCT46805.2019.8947178. Online publication date: Oct-2019
  • (2018) Authenticating On-Body Backscatter by Exploiting Propagation Signatures. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 2:3, pp. 1-22. DOI: 10.1145/3266002. Online publication date: 18-Sep-2018