This project leverages the sensing capabilities of modern mobile devices to addresses the challenge of enabling secure spontaneous communication between wireless devices that come within close proximity of each other, but lack a pre-existing trust relationship – devices that are previously unknown to each other. Spontaneous secure pairing of pervasive devices would for example ensure that when Alice forwards her private contact information to Bob (who she just met), her phone communicates with Bob’s cell phone (possibly over Bluetooth or WiFi), and not with some other malicious device trying to impersonate Bob’s cell phone.
Our approach uses knowledge of the common radio environment, which changes over location and time, as proof of physical proximity. We have developed an algorithm that extends the Diffie-Hellman key exchange with a proximity authentication phase. After the Diffie-Hellman exchange, each device generates a signature by monitoring the transmissions of ambient radio sources (e.g., available WiFi access points). The devices then compare the signatures, and verify whether there is enough similarity to conclude that they are in proximity. This approach provides security without requiring user involvement to verify the pairing process, e.g., users are not required to type a password.