What are the contributions of the paper?
Introduces the problem of key agreement where the parameters may be modified in transmission. Assumes that an adversary can change the plaintext components of the Diffie-Hellman parameters over RF, and that no prior data has been exchanged between the wireless devices. Presents three solutions to verify the public parameters after they have been transmitted: manual verification, distance estimation, and power integrity.

What is the quality of the presentation?
Figures of Diffie-Hellman protocol exchanges could be better illustrated. Commitment was not explained well. It was good that it went over the basics of Diffie-Hellman, and put footnotes for other things such as preimage resistance which are assumed known but still good to explain. Figure 3 (integrity region) is a very good illustration of the distance bounding problem. Mathematical notation is clear and well defined.

What are the strengths of the paper?
The second example of using distances is a neat idea. This means that devices need only monitor the turnaround time to find a rough estimate of the distance. Such a system is readily implementable, and two very paranoid people could run together to ensure that their distance is fixed against an adversary that cannot keep up.
The third example of using an integrity code based on the rich study of error correcting codes, then monitoring power transmissions, is a very good idea. Such a system would not require manual verification and would prohibit attackers from modifying the transmission en route.

What are the weaknesses of the paper?
Examples of means to implement such systems where round trip time was measured, or power transmission monitored, were not satisfactorily given. It assumes that an attacker cannot perfectly negate a signal, which may be valid, but also assumes there will be no noise on the channel, which may not be valid. No indication of how to ensure that an attacker is not within a distance was provided.
If they are on the street and an attacker is underneath them, or just sitting in a car, there's no real way of knowing they are there. Moreover, a building may have devices in all the walls that could easily break communication for their own purposes. It was not revealed how to detect the presence of a device. It also assumed internal computation time was negligible, which may not be the case when devices communicate at the speed of light.

What is some possible future work?
A few ideas occurred to me while reading this. For verification, it would be interesting to use a randomly constructed sentence. Suppose we had a built-in vocabulary of 2^10 nouns, verbs, adjectives, and adverbs. Then a sentence of the form:
The [adjective] [adjective] [noun] was [adverb] [adverb] [verb].
would be able to convey 2^60 bits of information, and while not making much sense semantically, it would likely be able to make grammatical sense and be very quick for two individuals to convey. For instance, one would just read the sentence and the other would confirm it produced the same one.
Another way could be music. If two devices emitted tones, say 2^5 different tones, then a series of 12 tones would convey 2^60 bits of information. If the two devices are placed adjacently then it's trivial to check that the tones are the same; however, it relies on the auditory faculties of the participants.
Another idea was that a random value could be agreed upon by the users, such that messages must be preceded by this nonce, along with, for instance, the current date. Then an adversary must find out this nonce (which is plaintext), but then find a collision where the beginning of the message is the nonce, and the date to help against a precomputation attack, which is clearly not avoidable. However, such a system could be designed so that the attacker cannot find a collision on a, say, 16 bit hash function, in the same time that it takes for the two parties to just send their message.
Then they can verify the 16 bit hash result, which is trivial.
============================================================================
Wireless devices have the capability to travel anywhere; however, a limited communication range restricts them. If the users of these devices wish to communicate securely then they must have a secure method of generating a key without reliance on a trusted third party. This problem is made more difficult by the fact that portable wireless devices are usually computationally constrained, and thus unable to efficiently implement many of the existing key exchange protocols. This paper provides three protocols based on the Diffie-Hellman key agreement protocol to address these issues: the first based on string comparison, the second on distance bounding, and the third using integrity codes.

The paper is well organized. The introduction provides clear motivation for the work and summarizes the existing work already done in the field. Assumptions made by the authors are clearly stated, and a working threat model is provided. Along with a text description, each protocol is given with precise notation, making understanding the sequence of messages much easier.

The weakness of the protocols lies in their reliance on specialized hardware. Current devices lack the hardware to implement distance bounding or integrity codes, thus restricting their implementation to added hardware or new devices. In one particular example the authors suggest that 30cm should be sufficiently close for distance bounding to be secure; however, this defeats the purpose of wireless communication. If devices must be placed so close together for security, then using a physical connection is no longer impractical and can provide a medium for more secure communication.

Further research in this area will likely focus on the hardware implementations for distance bounding and integrity codes, as these are the factors that will limit implementation on current devices.
There is also the possibility of new protocols that do not rely on specialized hardware or that can extend the range in which secure communication can be expected.
============================================================================
What are the contributions of the paper?
The first contribution of this paper is that it presents three provably secure protocols based on Diffie-Hellman key agreement, which can prevent man-in-the-middle attacks. Furthermore, with these protocols, the users do not need to enter passwords, nor do they need physical connectivity between their devices. The second contribution is that the paper gives a way to design re-usable message transfer authenticators by analyzing and designing the protocols based on Diffie-Hellman key agreement protocols. The third one is that the approach of DH-SC allows users to compare very short string context instead of the long one.

What is the quality of the presentation?
The author presents this paper with good quality. He gave a protocol flow chart for each method, so each figure clearly presents the direction and requirement of the protocol. The author presented the encryption mechanism with commitment schemes, so it easily and clearly expresses the meaning of the protocol flow chart. The organization of this paper is good. After specifying the problem to be addressed in this paper and the assumptions that the paper is based on, the author proposed three techniques. Following these, a security analysis and a proof of the theorem were presented.

What are the strengths of the paper?
The author proposed three techniques to prevent man-in-the-middle attacks at one time. It is good because it proposes so many approaches in one paper. In addition, the author presented a strong proof of Theorem 1 in part 4, which effectively specifies the security of the proposed protocols. One protocol, called DH-SC, allows users to compare very short string context instead of long ones.
Another protocol, called DH-IC, which is given from the point of view of the hardware implementation, makes it impossible for a positive attacker to modify messages.

What are its weaknesses?
In Part 3, when the author presents the DH-SC protocol, the author doesn’t say how the user is to compare the short message, that is why ia=ib? Another weakness is that the author does not discuss how to apply this approach to the practical problems in the wireless communication world.

What is some possible future work?
We would consider applying this method to authentication in other scenarios. We can also think of a specific application scenario in the wireless communication field which can make use of this approach, like the secure ad hoc network routing problem.
============================================================================
* What are the contributions of the paper?
  This paper addresses the issue of key agreement protocols in Peer-Peer wireless networks. It presents enhancements for Diffie-Hellman Key Exchange based on visual string comparison, distance bounding and integrity-codes. It also proves the security of it in The Modular Approach introduced by Bellare, Canetti, and Krawczyk.
* What is the quality of the presentation?
  Presentation of the paper is quite informative, giving most of the information in a precise manner.
* What are the strengths of the paper?
  The paper provides three protocols for Key Agreement in Peer-Peer wireless networks without any physical and Infrared connectivity between the devices. It uses the radio frequency signal and ultrasound signal for that purpose. User also proves the protocols in one of the established approaches.
* What are its weaknesses?
  The protocol proving does not use a reductionist approach to prove the security. The comparison between the 3 protocols based on various parameters like security, computation time, and human intervention should have been included.
* What is some possible future work?
  - Other key agreement protocols like ephemeral Diffie-Hellman and RSA-based key agreement need to be considered in the setting defined by the authors.
  - Comparison with other key agreement protocols based on IR-based techniques or those involving physical connection between devices also needs to be carried out.
============================================================================
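Several of the reviews above refer to DH-SC's commitment step and to the users' ia = ib comparison without showing either. The following is an added sketch of a commit-then-reveal exchange of that general kind; it is not code from the paper or from any reviewer. The hash-based commitment, the toy group parameters, the 20-bit string length and every name in it are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy parameters, assumed for illustration only (far too small for real use).
P = 2**127 - 1   # a Mersenne prime
G = 3
K = 20           # bits in the short string the two users compare

def commit(msg: bytes):
    """Hash commitment: returns (commitment c, opening d = salt || msg)."""
    d = secrets.token_bytes(16) + msg
    return hashlib.sha256(d).digest(), d

def open_commit(c: bytes, d: bytes) -> bytes:
    """Return the committed message, or raise if d does not open c."""
    if not secrets.compare_digest(hashlib.sha256(d).digest(), c):
        raise ValueError("opening does not match commitment")
    return d[16:]

class Party:
    def __init__(self, tag: int, nonce=None):
        self.tag = tag                                  # 0 = initiator, 1 = responder
        self.x = secrets.randbelow(P - 2) + 1           # DH private exponent
        self.pub = pow(G, self.x, P)
        self.nonce = secrets.randbits(K) if nonce is None else nonce
        msg = bytes([tag]) + self.pub.to_bytes(16, "big") + self.nonce.to_bytes(3, "big")
        self.c, self.d = commit(msg)                    # c is sent first, d only afterwards

    def receive(self, c: bytes, d: bytes) -> None:
        m = open_commit(c, d)
        if m[0] == self.tag:
            raise ValueError("own role tag reflected back")
        peer_pub = int.from_bytes(m[1:17], "big")
        self.short = self.nonce ^ int.from_bytes(m[17:], "big")  # string shown to the user
        self.key = pow(peer_pub, self.x, P)

def run(a: Party, b: Party, mitm=None) -> bool:
    """Deliver the messages; mitm=(fake_a, fake_b) swaps in substituted ones.
    Returns what the users' comparison of the two displayed strings would show."""
    to_b, to_a = (a, b) if mitm is None else mitm
    b.receive(to_b.c, to_b.d)
    a.receive(to_a.c, to_a.d)
    return a.short == b.short
```

Because each side is bound to its nonce by the commitment before any opening is revealed, a party that substitutes its own public key cannot choose its nonce afterwards to make the two displayed strings agree; with K-bit strings a blind guess succeeds with probability 2^-K.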