People increasingly depend on the digital world to communicate with one another, but such communication is rarely secure. Users typically have no common administrative control to provide mutual authentication, and sales of certified public keys to individuals have made few inroads. The only remaining mechanism is key exchange. Because they are not authenticated, users must verify the exchanged keys through some out-of-band mechanism. Unfortunately, users appear willing to accept any key at face value, leaving communication vulnerable, This paper describes LoKey, a system that leverages the Short Message Service (SMS) to verify keys on users' behalf, SMS messages are small, expensive, and slow, but they utilize a closed network, between devices -phones - that are nearly ubiquitous and authenticate with the network operator, Our evaluation shows LoKey can establish and verify a shared key in approximately 30 seconds, provided only that one correspondent knows the other's phone number. By verifying keys asynchronously, two example applications - an instant messaging client and a secure email service - can provide assurances of message privacy, integrity, and source authentication while requiring only that users know the phone number of their correspondent. © Springer-Verlag Berlin Heidelberg 2006.
CITATION STYLE
Nicholso, A. J., Smith, I. E., Hughes, J., & Noble, B. D. (2006). LoKey: Leveraging the SMS network in decentralized, end-to-end trust establishment. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 3968 LNCS, pp. 202–219). Springer Verlag. https://doi.org/10.1007/11748625_13
Mendeley helps you to discover research relevant for your work.