Cryptology ePrint Archive: Report 2007/246

BEDA: Button-Enabled Device Pairing

Claudio Soriente and Gene Tsudik and Ersin Uzun

Abstract: Secure initial pairing of electronic gadgets is a challenging problem, especially considering the lack of any common security infrastructure. The main security issue is the threat of so-called Man-in-the-Middle (MiTM) attacks, whereby an attacker inserts itself into the pairing protocol by impersonating one of the legitimate parties. A number of interesting techniques have been proposed, all of which involve the user in the pairing process. However, they are inapplicable to many common scenarios where the devices to be paired do not possess the required interfaces, such as displays, speakers, cameras or microphones. In this paper, we introduce BEDA (Button-Enabled Device Association), a protocol suite for secure pairing of devices with minimal user interfaces. The most common and minimal interface available on a wide variety of devices is a single button. BEDA protocols can accommodate pairing scenarios where one (or even both) devices only have a single button as their "user interface". Our usability study demonstrates that BEDA protocols involve very little human burden and are quite suitable for ordinary users.

Category / Keywords: public-key cryptography / Secure pairing, Human assisted authentication, Man-in-the-middle attacks

Date: received 19 Jun 2007

Contact author: euzun at ics uci edu

Version: 20070620:083419
