Sounds Good? Fast and Secure Contact Exchange in Groups

TL;DR

This work evaluates the usability of two secure contact exchange systems: the current state of the art, SafeSlinger, and a newly designed protocol, PairSonic, which extends trust from physical encounters to spontaneous online communication.

Abstract

Trustworthy digital communication requires the secure exchange of contact information, but current approaches lack usability and scalability for larger groups of users. We evaluate the usability of two secure contact exchange systems: the current state of the art, SafeSlinger, and our newly designed protocol, PairSonic, which extends trust from physical encounters to spontaneous online communication. Our lab study (N=45) demonstrates PairSonic's superior usability, automating the tedious verification tasks from previous approaches via an acoustic out-of-band channel. Although participants significantly preferred our system, minimizing user effort surprisingly decreased the perceived security for some users, who associated security with complexity. We discuss user perceptions of the different protocol components and identify remaining usability barriers for CSCW application scenarios.

Figures (10)

• Figure 1: This figure shows the PairSonic contact exchange from the perspective of the participant role. (a) The participants begin by selecting their role. (b) They then wait for the coordinator to initiate the exchange via the acoustic channel, which is shown in \ref{['fig:ourapproach-smartphone-flow-coordinator']}. (c) Next, they verify that each group member's screen displays a green checkmark. (d) After this process, the app shows the exchanged contacts.
• Figure 2: This figure shows the SafeSlinger contact exchange, which we integrated into our app using the official Android library, only adjusting its aesthetics to align with our app's design. (a) The SafeSlinger contact exchange process begins with each participant selecting the total number of group members. (b) Next, all members compare their IDs to identify and input the smallest ID. (c) During the subsequent verification phase, members compare their word phrases to find and choose the phrase that appears on all devices. (d) After this process, the app displays the exchanged contacts.
• Figure 3: Our participants first created their profiles in the app, then collaboratively tested both contact exchange systems with the other group members. During PairSonic, the participants bring their devices close together.
• Figure 4: Comparison of our participants' scores and completion times for SafeSlinger and PairSonic. The violin plots show a density estimation of the distributions. The boxplots show quartiles, median, and outliers.
• Figure 5: Comparison of our participants' security and ATI scores for SafeSlinger and PairSonic. The stacked bars for the security scores correspond to the five levels of agreement, ranging from "strongly disagree" (left) to "strongly agree" (right), centered at the neutral response. The percentages (left, middle, right) represent the share of negative, neutral, and positive responses, respectively. The violin plot shows a density estimation of the distribution. The boxplot shows quartiles, median, and outliers.