HAPADEP: Human-Assisted Pure Audio Device Pairing

  • Claudio Soriente
  • Gene Tsudik
  • Ersin Uzun
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5222)


The number and diversity of personal electronic gadgets have been steadily increasing but there has been fairly little progress in secure pairing of such devices. The pairing challenge revolves around establishing on-the-fly secure communication without any trusted (on- or off-line) third parties between devices that have no prior association. One basic approach to counter Man-in-the-Middle (MiTM) attacks in such setting is to involve the user in the pairing process. Previous research yielded some interesting secure pairing techniques, some of which ask too much of the human user, while others assume availability of specialized equipment (e.g., wires, photo or video cameras) on personal devices. Furthermore, all prior methods assumed an established insecure channel over a common digital (human-imperceptible) communication medium, such as infrared, 802.11 or Bluetooth.

In this paper we introduce a very simple technique called HAPADEP (Human-Assisted Pure Audio Device Pairing). HAPADEP uses the audio channel to exchange both data and verification information among devices without requiring any other means of common electronic communication. Despite its simplicity, a number of interesting issues arise in the design of HAPADEP. We discuss design and implementation highlights as well as usability features and limitations.


User-Aided Security Secure Device Pairing Authentication Protocols Secure First Connect Man-in-the-Middle attacks 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bouncy Castle Crypto APIs,
  2. 2.
  3. 3.
    Perrig, A., Song, D.: Hash visualization: A new technique to improve real-world security. In: Proceedings of the 1999 International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC 1999), pp. 131–138 (July 1999)Google Scholar
  4. 4.
    Alliance, W.: Wi-fi protected setup specification. WiFi Alliance Document (January 2007)Google Scholar
  5. 5.
    Balfanz, D., Smetters, D.K., Stewart, P., Wong, H.C.: Talking to strangers: Authentication in ad-hoc wireless networks. In: Symposium on Network and Distributed Systems Security (NDSS 2002) (February 2002)Google Scholar
  6. 6.
    Ellison, C.M., Dohrmann, S.: Public-key support for group collaboration. ACM Trans. Inf. Syst. Secur. 6(4), 547–565 (2003)CrossRefGoogle Scholar
  7. 7.
    Feeney, L.M., Ahlgren, B., Westerlund, A.: Demonstration abstract: Spontaneous networking for secure collaborative applications in an infrastructureless environment. In: International conference on pervasive computing (pervasive 2002) (2002)Google Scholar
  8. 8.
    Stajano, F., Anderson, R.: The resurrecting duckling: Security issues for ad-hoc wireless networks. In: Security Protocols, 7th International Workshop (1999)Google Scholar
  9. 9.
    Goldberg, I.: Visual Key Fingerprint Code (1996),
  10. 10.
    Goodrich, M.T., Sirivianos, M., Solis, J., Tsudik, G., Uzun, E.: Loud and clear: Human-verifiable authentication based on audio. In: ICDCS 2006: Proceedings of the 26th IEEE International Conference on Distributed Computing Systems (2006)Google Scholar
  11. 11.
  12. 12.
    Holmquist, L.E., Mattern, F., Schiele, B., Alahuhta, P., Beigl, M., Gellersen, H.-W.: Smart-its friends: A technique for users to easily establish connections between smart artefacts. In: UbiComp 2001: Proceedings of the 3rd international conference on Ubiquitous Computing, Atlanta, Georgia, USA, pp. 116–122. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  13. 13.
    McCune, J.M., Perrig, A., Reiter, M.K.: Seeing-Is-Believing: Using Camera Phones for Human-Verifiable Authentication. In: 2005 IEEE Symposium on Security and Privacy, pp. 110–124 (2005)Google Scholar
  14. 14.
    Kindberg, T., Zhang, K.: Secure spontaneous device association. In: Dey, A.K., Schmidt, A., McCarthy, J.F. (eds.) UbiComp 2003. LNCS, vol. 2864, pp. 124–131. Springer, Heidelberg (2003)Google Scholar
  15. 15.
    Kindberg, T., Zhang, K.: Validating and securing spontaneous associations between wireless devices. In: Boyd, C., Mao, W. (eds.) ISC 2003. LNCS, vol. 2851, pp. 44–53. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  16. 16.
    Kostiainen, K., Uzun, E.: Framework for comparative usability testing of distributed applications,
  17. 17.
    Laur, S., Nyberg, K.: Efficient mutual data authentication using manually authenticated strings. In: Pointcheval, D., Mu, Y., Chen, K. (eds.) CANS 2006. LNCS, vol. 4301, pp. 90–107. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  18. 18.
    Lopes, C.: The digital voices project home page,
  19. 19.
    Lopes, C.V., Aguiar, P.M.: Acoustic modems for ubiquitous computing. IEEE Pervasive Computing 02(3), 62–71 (2003)CrossRefGoogle Scholar
  20. 20.
    Lopes, P., Aguiar, C.V.: Aerial acoustic communications. In: 2001 IEEE Workshop on the Applications of Signal Processing to Audio and Acoustics, pp. 219–222 (2001)Google Scholar
  21. 21.
    Mayrhofer, R., Gellersen, H.: Shake well before use: Authentication based on accelerometer data. In: Proc. Pervasive 2007: 5th International Conference on Pervasive Computing (2007)Google Scholar
  22. 22.
    Microsoft. Windows connect now-ufd and windows vista specification. version 1.0 (2006),
  23. 23.
    Saxena, N., Ekberg, J.-E., Kostiainen, K., Asokan, N.: Secure Device Pairing based on a Visual Channel. In: 2006 IEEE Symposium on Security and Privacy (2006)Google Scholar
  24. 24.
    Pasini, S., Vaudenay, S.: Sas-based authenticated key agreement. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 395–409. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  25. 25.
    Prasad, R., Saxena, N.: Efficient device pairing using human-comparable synchronized audiovisual patterns. In: Applied Cryptography and Network Security (ACNS) (June 2008)Google Scholar
  26. 26.
    Roth, V., Polak, W., Rieffel, E.G., Turner, T.: Simple and effective defense against evil twin access points. In: WISEC, short paper, pp. 220–235 (2008)Google Scholar
  27. 27.
    Soriente, C., Tsudik, G., Uzun, E.: BEDA: Button-Enabled Device Association. In: IWSSI (2007)Google Scholar
  28. 28.
    Uzun, E., Karvonen, K., Asokan, N.: Usability Analysis of Secure Pairing Methods. In: Dietrich, S., Dhamija, R. (eds.) USEC 2007. LNCS, vol. 4886. Springer, Heidelberg (2007)Google Scholar
  29. 29.
    Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Transactions on Information Theory IT–22(6), 644–654 (1976)CrossRefMathSciNetGoogle Scholar
  30. 30.
    Wireless USB Specification. Association models supplement. revision 1.0. USB Implementers Forum (2006),

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Claudio Soriente
    • 1
  • Gene Tsudik
    • 1
  • Ersin Uzun
    • 1
  1. 1.Computer Science DepartmentUniversity of CaliforniaIrvine 

Personalised recommendations