Paper 2007/246

BEDA: Button-Enabled Device Pairing

Claudio Soriente, Gene Tsudik, and Ersin Uzun

Abstract

Secure initial pairing of electronic gadgets is a challenging problem, especially considering lack of any common security infrastructure. The main security issue is the threat of so-called Man-in-the-Middle (MiTM) attacks, whereby an attacker inserts itself into the pairing protocol by impersonating one of the legitimate parties. A number of interesting techniques have been proposed, all of which involve the user in the pairing process. However, they are inapplicable to many common scenarios where devices to-be-paired do not possess required interfaces, such as displays, speakers, cameras or microphones. In this paper, we introduce BEDA (Button-Enabled Device Association), a protocol suite for secure pairing devices with minimal user interfaces. The most common and minimal interface available on wide variety of devices is a single button. BEDA protocols can accommodate pairing scenarios where one (or even both) devices only have a single button as their "user interface". Our usability study demonstrates that BEDA protocols involve very little human burden and are quite suitable for ordinary users.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
Secure pairingHuman assisted authenticationMan-in-the-middle attacks
Contact author(s)
euzun @ ics uci edu
History
2007-06-20: received
Short URL
https://ia.cr/2007/246
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2007/246,
      author = {Claudio Soriente and Gene Tsudik and Ersin Uzun},
      title = {{BEDA}: Button-Enabled Device Pairing},
      howpublished = {Cryptology {ePrint} Archive, Paper 2007/246},
      year = {2007},
      url = {https://eprint.iacr.org/2007/246}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.