[1]
R. Mayrhofer, J. Fuss, and I. Ion, “UACAP: A unified auxiliary channel
authentication protocol,” IEEE Transactions on Mobile Computing, 2012.
accepted for publication in 2012.
Authenticating spontaneous interactions between devices and users
is challenging for several reasons: the wireless (and therefore invisible)
nature of device communication, the heterogeneous nature of devices
and lack of appropriate user interfaces in mobile devices, and the
requirement for unobtrusive user interaction. The most promising
approach that has been proposed in literature involves the exploitation
of so-called auxiliary channels for authentication to bridge the
gap between usability and security. This concept has spawned the
independent development of various authentication methods and research
prototypes that, unfortunately, remain hard to compare and interchange
and are rarely available to potential application developers. We
present a novel, unified cryptographic authentication protocol framework
(UACAP) to unify these approaches and analyze its security properties.
This protocol and a selection of auxiliary channels aimed at authentication
of mobile devices have been implemented and released in an open source
ubiquitous authentication toolkit (OpenUAT). We also present an initial
user study evaluating four of these channels.

[2]
R. Mayrhofer, A. Sommer, and S. Saral, “Air-writing: A platform for scalable,
privacy-preserving, spatial group messaging,” International Journal of
Pervasive Computing and Communications (IJPCC), vol. 8, pp. 53-78, 2012.
Spatial messaging is a direct extension to text and other multi-media
messaging services that have become highly popular with the current
pervasiveness of mobile communication. It offers benefits especially
to mobile computing, providing localized and therefore potentially
more appropriate delivery of nearly arbitrary content. Location is
one of the most interesting attributes that can be added to messages
in current applications, including gaming, social networking, or
advertising services. However, location is also highly critical in
terms of privacy. If a spatial messaging platform could collect the
location traces of all its users, detailed profiling would be possible
- and, considering commercial value of such profiles, likely.

[3]
R. Mayrhofer and H. Gellersen, “Shake well before use: Intuitive and secure
pairing of mobile devices,” IEEE Transactions on Mobile Computing,
vol. 8, pp. 792-806, June 2009.
revised and extended version of [?].
A challenge in facilitating spontaneous mobile interactions is to
provide pairing methods that are both intuitive and secure. Simultaneous
shaking is proposed as a novel and easy-to-use mechanism for pairing
of small mobile devices. The underlying principle is to use common
movement as a secret that the involved devices share for mutual authentication.
We present two concrete methods, ShaVe and ShaCK, in which sensing
and analysis of shaking movement is combined with cryptographic protocols
for secure authentication. ShaVe is based on initial key exchange
followed by exchange and comparison of sensor data for verification
of key authenticity. ShaCK, in contrast, is based on matching features
extracted from the sensor data to construct a cryptographic key.
The classification algorithms used in our approach are shown to robustly
separate simultaneous shaking of two devices from other concurrent
movement of a pair of devices, with a false negative rate of under
12 percent. A user study confirms that the method is intuitive and
easy to use, as users can shake devices in an arbitrary pattern.

[4]
R. Mayrhofer and H. Gellersen, “Spontaneous mobile device authentication based
on sensor data,” Information Security Technical Report, vol. 13,
pp. 136-150, August 2008.
presents a summary and extension of four previous conference
papers [?].
Small, mobile devices or infrastructure devices without user interfaces,
such as Bluetooth headsets, wireless LAN access points, or printers,
often need to communicate securely over wireless networks. Active
attacks can only be prevented by authenticating wireless communication,
which is problematic when devices do not have any a priori information
about each other. In this article, we describe three different authentication
methods for device-to-device authentication based on sensor data
from various physical out-of-band channels: shaking devices together,
authentication based on spatial reference, and transmission via visible
laser.

[5]
A. Ferscha, M. Hechinger, M. dos Santos Rocha, R. Mayrhofer, A. Zeidler,
A. Riener, and M. Franz, “Building flexible manufacturing systems based on
peer-its,” EURASIP Journal on Embedded Systems, vol. 2008, 2008.
Article ID 267560.

[6]
R. Mayrhofer and R. Gostner, “Using a spatial context authentication proxy for
establishing secure wireless connections,” Journal of Mobile
Multimedia, vol. 3, pp. 198-217, March 2007.
Spontaneous interaction in wireless ad-hoc networks is often desirable
not only between users or devices in direct contact, but also with
devices that are accessible only via a wireless network. Secure communication
with such devices is difficult because of the required authentication,
which is often either password- or certificate-based. An intuitive
alternative is context-based authentication, where device authenticity
is verified by shared context, and often by direct physical evidence.
Devices that are physically separated cannot experience the same
context and thus cannot benefit directly from context authentication.
We introduce a context authentication proxy that is pre-authenticated
with one of the devices and can authenticate with the other by shared
context. This concept is applicable to a wide range of application
scenarios, context sensing technologies, and trust models. We show
its practicality in an implementation for setting up IPSec connections
based on spatial reference. Our specific scenario is ad-hoc access
of mobile devices to secure 802.11 WLANs using a mobile device as
authentication proxy. A user study shows that our method and implementation
are intuitive to use and compare favourably to a standard, password-based
approach.

[7]
R. Mayrhofer, H. Radi, and A. Ferscha, “Recognizing and predicting context by
learning from user behavior,” Radiomatics: Journal of Communication
Engineering, special issue on Advances in Mobile Multimedia, vol. 1,
pp. 30-42, May 2004.
extended version of [?].
Current mobile devices like mobile phones or personal digital assistants
have become more and more powerful; they already offer features that
only few users are able to exploit to their whole extent. With a
number of upcoming mobile multimedia applications, ease of use becomes
one of the most important aspects. One way to improve usability is
to make devices aware of the user’s context, allowing them to adapt
to the user instead of forcing the user to adapt to the device. Our
work is taking this approach one step further by not only reacting
to the current context, but also predicting future context, hence
making the devices proactive. Mobile devices are generally suited
well for this task because they are typically close to the user even
when not actively in use. This allows such devices to monitor the
user context and act accordingly, like automatically muting ring
or signal tones when the user is in a meeting or selecting audio,
video or text communication depending on the user’s current occupation.
This article presents an architecture that allows mobile devices
to continuously recognize current and anticipate future user context.
The major challenges are that context recognition and prediction
should be embedded in mobile devices with limited resources, that
learning and adaptation should happen on-line without explicit training
phases and that user intervention should be kept to a minimum with
non-obtrusive user interaction. To accomplish this, the presented
architecture consists of four major parts: feature extraction, classification,
labeling and prediction. The available sensors provide a multi-dimensional,
highly heterogeneous input vector as input to the classification
step, realized by data clustering. Labeling associates recognized
context classes with meaningful names specified by the user, and
prediction allows forecasting future user context for proactive behavior.

[8]
A. Ferscha, M. Hechinger, R. Mayrhofer, and R. Oberhauser, “A peer-to-peer
light-weight component model for context-aware smart space applications,”
International Journal of Wireless and Mobile Computing (IJWMC),
special issue on Mobile Distributed Computing, 2004.
extended version of [?].
Mobile Peer-to-Peer (P2P) computing applications involve
collections of heterogeneous and resource-limited devices (such as
PDAs or embedded sensor-actuator systems), typically operated in
ad-hoc completely decentralized networks and without requiring dedicated
infrastructure support. Short-range wireless communication technologies
together with P2P networking capabilities on mobile devices are responsible
for a proliferation of such applications, yet these applications
are often complex and monolithic in nature due to the lack of lightweight
component/container support in these resource-constrained devices.
A threatening field of application is “smart space” control, i.e.
software architectures to control various home appliances and embedded
home facilities in a personalized, spontaneous and intuitive way.
Future home environments are expected to be highly populated by ubiquitous
computing technology, allowing to integrate various aspects of home
activities seamlessly into walls, floors, furniture, appliances,
and even clothing – thus raising the need for lightweight, versatile
and component based software architectures to harness such technology
rich environments.
In this paper we describe our lightweight software component model
P2Pcomp that addresses the development needs for mobile P2P applications.
An abstract, flexible, and high-level communication mechanism among
components is developed via a ports concept, supporting protocol
independence, location independence, and (a)synchronous invocations;
dependencies are not hard-coded in the components, but can be defined
at deployment or runtime, providing late-binding and dynamic rerouteability
capabilities. Peers can elect to provide services as well as consume
them, services can migrate between containers, and services are ranked
to support Quality-of-Service choices. Our lightweight container
realization leverages the OSGi platform and can utilize various P2P
communication mechanisms such as JXTA. A “smart space” application
scenario demonstrates how P2Pcomp supports flexible and highly tailorable
mobile P2P applications.