HAPADEP: Human-Assisted Pure Audio Device Pairing

  • Claudio Soriente
  • Gene Tsudik
  • Ersin Uzun
Conference paper

DOI: 10.1007/978-3-540-85886-7_27

Volume 5222 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Soriente C., Tsudik G., Uzun E. (2008) HAPADEP: Human-Assisted Pure Audio Device Pairing. In: Wu TC., Lei CL., Rijmen V., Lee DT. (eds) Information Security. ISC 2008. Lecture Notes in Computer Science, vol 5222. Springer, Berlin, Heidelberg

Abstract

The number and diversity of personal electronic gadgets have been steadily increasing but there has been fairly little progress in secure pairing of such devices. The pairing challenge revolves around establishing on-the-fly secure communication without any trusted (on- or off-line) third parties between devices that have no prior association. One basic approach to counter Man-in-the-Middle (MiTM) attacks in such setting is to involve the user in the pairing process. Previous research yielded some interesting secure pairing techniques, some of which ask too much of the human user, while others assume availability of specialized equipment (e.g., wires, photo or video cameras) on personal devices. Furthermore, all prior methods assumed an established insecure channel over a common digital (human-imperceptible) communication medium, such as infrared, 802.11 or Bluetooth.

In this paper we introduce a very simple technique called HAPADEP (Human-Assisted Pure Audio Device Pairing). HAPADEP uses the audio channel to exchange both data and verification information among devices without requiring any other means of common electronic communication. Despite its simplicity, a number of interesting issues arise in the design of HAPADEP. We discuss design and implementation highlights as well as usability features and limitations.

Keywords

User-Aided Security Secure Device Pairing Authentication Protocols Secure First Connect Man-in-the-Middle attacks 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Claudio Soriente
    • 1
  • Gene Tsudik
    • 1
  • Ersin Uzun
    • 1
  1. 1.Computer Science DepartmentUniversity of CaliforniaIrvine