events contact us
Home > Research > Security & Privacy > Usable Security: Technical Overview
Search the complete PARC site
 

Usable Security: Technical Overview

The Problem

To establish secure communication between two networked devices, the devices must recognize each other through shared "trust" information. Exchanging this shared trust information in a secure way is referred to as the key distribution problem.

Traditional approaches to addressing the key distribution problem require devices to participate in an existing, centrally managed infrastructure--for example, both devices know the secret password, have copies of each other's public keys, or belong to the same PKI (Public Key Infrastructure) while knowing each other's names.

However, a centrally managed infrastructure isn't appropriate for constantly interacting mobile and other new devices brought into the home. We need a way to allow two devices to communicate securely with each other even if they know nothing about each other beforehand. Such secure communication would support a wide variety of applications such as exchanging data, issuing credentials, setting configurations, and so on.

The Solution

PARC reseachers have solved this key distribution problem in a simple, easy-to-use manner. A user can initiate communication between his device and another device in the area by simply "pointing out" the target device using a location-limited channel.

A location-limited channel is a communication channel (through touch, infrared, sound, capacitive signaling) that allows the user to precisely control which devices in close physical proximity it communicates with. For example, the user can simply touch the two devices together, indicate the target device by pointing over an infrared channel, and so on.

With this simple and intuitive gesture, the user actually sends a small amount of cryptographic information—an identifier or "fingerprint" for a public key—across the more trusted location-limited channel, and the target device sends a similar identifier back.  The devices can then authenticate each other and communicate securely over any network (they "agree" to trust that the device has a private key which corresponds to the public key received over the location-limited channel).

Location-limited channels such as infrared pointing or physical contact convey a strong, physical, and intuitive feeling of "pointing out". For less mobile devices, a passive USB storage token can be used to exchange authentication information. For multiple devices, audio channels allow the exchange of authentication information between them all at once, thus enabling secure group communication.  Almost all of these approaches can also be used with devices where traditional password-based authentication would be impossible (for example, if the device does not have a keyboard).

Applications

Securing Off-the-Shelf Protocols

One of the most appealing features of the location-limited channel approach is that it provides a simple and intuitive mechanism for establishing trust in public keys. Once trusted keys are established, they could then be used in a wide variety of standardized cryptographic protocols (which were previously held back because of the key distribution problem). 

PARC's technology allows the security of well-established, scrutinized protocols to be combined with an unprecedented ease of use. Devices configured using PARC's intuitive technology can also interoperate seamlessly with standard off-the-shelf devices, because the technology is only used during initial configuration.

For example, SSL or TLS (a standard protocol used to secure the vast majority of web traffic) allows communicating parties to securely authenticate each other by obtaining and verifying a digital certificate that the other trusts. However, in order to obtain these certificates,  both parties must enroll in a PKI, which is a cumbersome and time-consuming process. Most TLS users have therefore opted to use the less-secure method of authenticating clients with passwords, to avoid the difficulty of issuing them certificates.

PARC technology can be used to secure TLS exchanges by authenticating the parties' public keys over the location-limited channel (devices will successfully complete a TLS handshake only if they've been "introduced" to each other by a human user through such a channel). While users no longer need to participate in a global PKI, it becomes extremely easy to set up a small PKI by simply issuing a certificate over the now secure, authenticated, location-limited channel. 

PARC's approach can be used to authenticate any public key-based exchange protocol, while still addressing the key distribution problem.

Network-in-a-Box Solution

 
BUSINESS CONTACT
Mark Grandcolas
Director of Business Development, Computing Science Laboratory
650-812-4429
   

(Logo/Homepage) PARC - Palo Alto Research Center

home | about | research | events | contact | top of page

info@parc.com
privacy policy

Copyright © 2002-2007 Palo Alto Research Center Incorporated. All Rights Reserved.
PARC, the PARC Logo, AspectJ, DataGlyph, Obje, Silx, StressedMetal, and ClawConnect
are trademarks or registered trademarks of Palo Alto Research Center Incorporated.