Skip to main content

Technical Reports: CMU-CyLab-11-004

Title:Ho-Po Key: Leveraging Physical Constraints on Human Motion to Authentically Exchange Information in a Group
Authors:Ghita Mezzour, Ahren Studer, Michael Farb, Jason Lee, Jonathan McCune, Hsu-Chun Hsiao, Adrian Perrig
Publication Date:December 8, 2010


Establishing a secure communication channel among a group of people is highly desirable. Such a secure channel can be boostrapped by physically meeting and authentically exchanging public keys. Recently, a new class of group key exchange protocols that leverage physical constraints on human mobility was proposed. In this paper, we present Ho-Po Key, a new protocol for the authentic exchange of information within a physically collocated group of people. Ho-Po Key introduces a novel technique for the verification of the security properties of the information collected by group members. Group members physically form a ring. The position in the ring of each member is randomly assigned based on the information collected from all members. While standing in the ring, members compare short word lists with their neighbors. The verification technique in Ho-Po Key detects attacks by both outsider and insider adversaries. Outsiders are detected by group members if they physically stand in the ring with other members. Similarly, attacks by insiders are detected since an insider is unable to stand simultaneously in two positions in the ring. We demonstrated that the verification within the ring is surprisingly easy and fast via user-studies. We implemented Ho-Po Key on Motorola A855 Droid and Apple iPhone 3GS smartphones. The iPhone application is submitted to the iPhone application store and is waiting for approval, whereas the Android application is freely available on the Android market store.

Full Report: CMU-CyLab-11-004