Supporting tangible multi-factor key exchange in households

TL;DR

This paper explores using tangible, multi-factor authentication methods involving household objects and locations to improve secure key exchange in domestic environments, addressing usability and security concerns.

Contribution

It introduces a novel three-factor authentication approach leveraging household features to enhance secure key exchange in home settings.

Findings

Household features can support multi-factor authentication for key exchange.

The proposed method is more secure than naive approaches.

End users find the tangible approach desirable.

Abstract

A common approach to securing end-to-end connectivity between devices on the Internet is to utilise a cloud-based intermediary. With this reliance upon a third-party comes a set of security and privacy concerns that are difficult to mitigate. A promising new protocol, Wireguard, dispenses with the middleman to provide secure peer-to-peer communication. However, support for initial key exchange falls outside Wireguard's scope, making it potentially vulnerable to insecure out-of-band key exchange. The design of secure and usable key exchange methods is challenging, not least in domestic spaces, as they're often characterised by technically naive users in multi-occupancy environments, making them susceptible to insider and passer-by attacks (i.e.: theft, observation attacks, relay and impersonation attacks). We describe and present the results from a design ideation study that probes the use of tangible, multi-factor approaches for securing key exchange in domestic spaces. The study suggests that a home's semi-fixed features (e.g.: lamps, shelves, chairs) can be instrumented to support a promising three-factor authentication approach ('what you have, what you know and where you are') to enable key exchange solutions that are i. more secure than commonly used naive approaches and ii. desirable for end users.