
Serial Hook-Ups: A Comparative Usability Study of Secure Device Pairing Methods

July 17, 2009 by Richard Conlan

http://cups.cs.cmu.edu/soups/2009/proceedings/a10-kobsa.pdf
Alfred Kobsa, Rahim Sonawalla, Gene Tsudik, Ersin Uzun and Yang Wang

Secure device pairing refers to pairing two or more devices in a manner that can be trusted, such that the users pair the devices they believe they are pairing without allowing a malicious third party to join in the process.  Generally this has to be completed in a context where the devices have no shared secrets, the users are not security experts, and the devices are mass-market consumer devices, so turning to highly expensive solutions is not an option.

Various methods have been proposed to solve this over the years, from physically attaching the devices with a cable, to using laser transceivers, to confirming the match of a code displayed on each device.  This study sought to evaluate the usability and security of the most promising methods, preemptively rejecting those already shown to have poor usability or security.  The first methods compared had users check that PINs displayed on the two devices match, and similarly compare two images displayed on the two devices.  The authors also examined button-enabled methods such as pressing a button on one device when the LED on the second device flashes, when the second device vibrates, or when the second device beeps.  The study also tested variants of Loud and Clear, where one device speaks out a sentence that the user confirms is displayed on the other device.  Finally, they tested a method which used the camera on one device to capture a barcode on the second device, a similar approach using a video camera and a flashing LED on the second device, and HAPADEP audio pairing.

The study included twenty-two subjects.  The participants were presented with a scenario and then tasked with completing pairing with each method, assigned in random order, after which they submitted a questionnaire to evaluate the pairings.  The study also recorded the pairing attempts for later evaluation.  The PIN-compare methods were found to be the quickest and most usable, followed by sentence, then image comparison.  Pairing via audio and button pressing got the lowest scores.  Subjects perceived PIN-comparison as the most secure method.