Paper 2007/093

HAPADEP: Human Asisted Pure Audio Device Pairing

Claudio Soriente, Gene Tsudik, and Ersin Uzun


The number and diversity of electronic gadgets has been steadily increasing and they are becoming indispensable to more and more professionals and non-professionals alike. At the same time, there has been fairly little progress in secure pairing of such devices. The pairing challenge revolves around establishing on-the-fly secure communication without any trusted (on- or off-line) third parties between devices that have no prior association. The main security issue is the danger of so-called Man-in-the-Middle (MiTM) attacks, whereby an adversary impersonates one of the devices by inserting itself into the pairing protocol. One basic approach to countering these MiTM attacks is to involve the user in the pairing process. Therein lies the usability challenge since it is natural to minimize user burden. Previous research yielded some interesting secure pairing techniques, some of which ask too much of the human user, while others assume availability of specialized equipment (e.g., wires, photo or video cameras) on devices. Furthermore, all prior methods assumed the existence of a common digital (humanimperceptible) communication medium, such as Infrared, 802.11 or Bluetooth. In this paper we introduce a very simple technique called HAPADEP (Human-Assisted Pure Audio Device Pairing). It places very little burden on the human user and requires no common means of electronic communication. Instead, HAPADEP uses the audio channel to exchange both data and verification information among devices. It makes secure pairing possible even if devices are equipped only with a microphone and a speaker. Despite its simplicity, a number of interesting issues arise in the design of HAPADEP. We discuss design and implementation highlights as well as usability features and limitations.

Available format(s)
Publication info
Published elsewhere. Unknown where it was published
Secure PairingAuthenticated Key ExchangePublic KeyHuman-Asisted AuthenticationUsable Security
Contact author(s)
euzun @ ics uci edu
2007-03-22: received
Short URL
Creative Commons Attribution


      author = {Claudio Soriente and Gene Tsudik and Ersin Uzun},
      title = {HAPADEP: Human Asisted Pure Audio Device Pairing},
      howpublished = {Cryptology ePrint Archive, Paper 2007/093},
      year = {2007},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.