Cryptology ePrint Archive: Report 2007/093
HAPADEP: Human Asisted Pure Audio Device Pairing
Claudio Soriente, Gene Tsudik, Ersin Uzun
Abstract: The number and diversity of electronic gadgets has been steadily increasing and they are becoming indispensable to more and more professionals and non-professionals alike. At the same time, there has been fairly little progress in secure pairing of such devices. The pairing challenge revolves around establishing on-the-fly secure communication without any trusted (on- or off-line) third parties between devices that have no prior association. The main security issue is the danger of so-called Man-in-the-Middle (MiTM) attacks, whereby an adversary impersonates one of the devices by inserting itself into the pairing protocol. One basic approach to countering these MiTM attacks is to involve the user in the pairing process. Therein lies the usability challenge since it is natural to minimize user burden. Previous research yielded some interesting secure pairing techniques, some of which ask too much of the human user, while others
assume availability of specialized equipment (e.g., wires, photo or video cameras) on devices. Furthermore, all prior methods assumed the existence of a common digital (humanimperceptible) communication medium, such as Infrared, 802.11 or Bluetooth.
In this paper we introduce a very simple technique called HAPADEP (Human-Assisted Pure Audio Device Pairing). It places very little burden on the human user and requires no common means of electronic communication. Instead, HAPADEP uses the audio channel to exchange both data and verification information among devices. It makes secure
pairing possible even if devices are equipped only with a microphone and a speaker. Despite its simplicity, a number of interesting issues arise in the design of HAPADEP. We discuss design and implementation highlights as well as usability features and limitations.
Category / Keywords: Secure Pairing, Authenticated Key Exchange, Public Key, Human-Asisted Authentication, Usable Security
Date: received 12 Mar 2007
Contact author: euzun at ics uci edu
Available format(s): PDF | BibTeX Citation
Version: 20070322:141124 (All versions of this report)
Short URL: ia.cr/2007/093
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]