| Field | Value |
|---|---|
| Graduate student | 林岳勳 Lin, Yue-Hsun |
| Thesis title | Small-group PKI-less Authenticated Trust Establishment (無需公開金鑰建設於小群體之信賴建立機制) |
| Advisor | 孫宏民 Sun, Hung-Min |
| Oral examination committee | |
| Degree | Doctor (博士) |
| Department | College of Electrical Engineering and Computer Science, Department of Computer Science |
| Year of publication | 2010 |
| Academic year of graduation | 98 |
| Language | English |
| Number of pages | 81 |
| Chinese keywords | trust mechanism, mobile computing security, human-factors design |
| Foreign keywords | Trust Establishment, Mobile Security, Human Factors |
Establishing trust between a group of individuals remains a difficult problem. Prior works assume trusted infrastructure, require an individual to trust unknown entities, or provide relatively low probabilistic guarantees of authenticity (95% for realistic settings). The first part of this dissertation presents a primitive (called SPATE for short) that allows users to establish trust via device mobility and physical interaction. Once the SPATE protocol runs to completion, its participants' mobile devices hold authentic data that their applications can use to interact securely (the probability of a successful attack is 2^−24).

In the second part of this dissertation, we leverage the SPATE protocol as part of a larger system to facilitate efficient, secure, and user-friendly collaboration via email, file-sharing, and text messaging services. The implementation of SPATE on Nokia smartphones (Nokia S60 series, including the N70 and E51) allows users to establish trust in small groups of up to eight users in less than one minute. To broaden adoption, SPATE has also been ported to the iPhone platform (early results are given). Three example SPATE applications provide increased security, with only minor overhead noticeable to users once keys are established.
Establishing trust relationships among a group of people remains a hard problem. Prior research assumes that at least one trusted infrastructure already exists, requires users to trust parties that are not necessarily trustworthy, or provides a relatively low level of assurance (95% in realistic settings). This dissertation proposes the SPATE mechanism, which lets users establish trust relationships through mobile computing devices and physical contact. Once the SPATE exchange procedure completes, the participants' mobile devices hold the authenticated information exchanged within the group (an attacker's success probability is only 2^−24).

Building on this mechanism, we use the trust foundation established by SPATE to construct three efficient, convenient, and secure practical applications covering e-mail, file sharing, and SMS services. The system has been fully implemented on Nokia S60 series smartphones (including the N70 and E51). System performance is excellent: groups of up to eight users complete setup in under one minute, and the method is simple and easy to understand. Through this design, people can establish trust relationships and the related secure applications more simply and conveniently.