Paper 2006/050

Secure Device Pairing based on a Visual Channel

Nitesh Saxena, Jan-Erik Ekberg, Kari Kostiainen, and N. Asokan


Recently several researchers and practitioners have begun to address the problem of secure device pairing or how to set up secure communication between two devices without the assistance of a trusted third party. McCune, et al. [12] proposed Seeing-is-Believing (SiB), a system which uses a visual channel. The SiB visual channel consists of one device displaying the hash of its public key in the form of a two-dimensional barcode, and the other device reading this information using a photo camera. Strong mutual authentication in SiB requires running two separate unilateral authentication steps. In this paper, we show how strong mutual authentication can be achieved even with a unidirectional visual channel, where SiB could provide only a weaker property termed as presence. This could help reduce the SiB execution time and improve usability. By adopting recently proposed improved pairing protocols, we propose how visual channel authentication can be used even on devices that have very limited displaying capabilities, all the way down to a device whose display consists of a cheap single light-source, such as an LED. We also describe a new video codec that may be used to improve execution time of pairing in limited display devices, and can be used for other applications besides pairing.

Available format(s)
Publication info
Published elsewhere. Unknown where it was published
mutual authenticationpairingwirelessbluetoothWiFiout-of-band channelscamera phones
Contact author(s)
nitesh @ ics uci edu
2006-03-07: revised
2006-02-14: received
See all versions
Short URL
Creative Commons Attribution


      author = {Nitesh Saxena and Jan-Erik Ekberg and Kari Kostiainen and N.  Asokan},
      title = {Secure Device Pairing based on a Visual Channel},
      howpublished = {Cryptology ePrint Archive, Paper 2006/050},
      year = {2006},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.