Improving the Robustness of Wireless Device Pairing Using Hyphen-Delimited Numeric Comparison

Ambarish Karole, Nitesh Saxena
Published in: 2009 International Conference on Network-Based Information Systems, 2009-08-19. DOI: 10.1109/NBiS.2009.57 (https://doi.org/10.1109/NBiS.2009.57)
Citations: 0

Abstract

The operation of achieving authenticated key agreement between two human-operated mobile devices over a short-range wireless communication channel, such as Bluetooth or Wi-Fi, is known as "pairing." The devices being paired are ad hoc in nature, i.e., they cannot be assumed to have a prior context (such as pre-shared secrets) or a common trusted on- or off-line authority. However, the devices can generally be connected using auxiliary physical channel(s) (such as audio or visual) that can be authenticated by the user(s) of the devices. These authenticatable channels can thus be used to form a basis for pairing. One of the simplest pairing methods requires the user to compare short (typically 4-digit-long) numbers displayed on two devices. Prior usability studies investigating the numeric comparison method indicate that although users hardly ever reject matching numbers on two devices, the critical task of detecting non-matching numbers (and thus potential man-in-the-middle attacks) can be error-prone. In this paper, we propose a very simple and intuitive method of employing "hyphen-delimited" numbers in device pairing. Our usability studies and analysis of test results show that the proposed method improves the robustness as well as the usability of pairing based on numeric comparison.