Ho-Po Key: Leveraging Physical Constraints on Human Motion to Authentically Exchange Information in a Group (CMU-CyLab-11-004)

Establishing a secure communication channel among a group of people is highly desirable. Such a secure channel can be boostrapped by physically meeting and authentically ex- changing public keys. Recently, a new class of group key ex- change protocols [8,21] that leverage physical constraints on human mobility was proposed. In this paper, we present Ho- Po Key, a new protocol for the authentic exchange of infor- mation within a physically collocated group of people. Ho- Po Key introduces a novel technique for the verification of the security properties of the information collected by group members. Group members physically form a ring. The posi- tion in the ring of each member is randomly assigned based on the information collected from all members. While stand- ing in the ring, members compare short word lists with their neighbors. The verification technique in Ho-Po Key detects attacks by both outsider and insider adversaries. Outsiders are detected by group members if they physically stand in the ring with other members. Similarly, attacks by insiders are detected since an insider is unable to stand simultane- ously in two positions in the ring. We demonstrated that the verification within the ring is surprisingly easy and fast via user-studies. We implemented Ho-Po Key on Motorola A855 Droid and Apple iPhone 3GS smartphones. The iPhone ap- plication is submitted to the iPhone application store and is waiting for approval, whereas the Android application is freely available on the Android market store.