Amigo: Proximity-based Authentication of Mobile Devices
Google Tech Talk, Mountain View, CA, July 2007
Secure and spontaneous communication between wireless devices that come within close proximity of each other, but lack a pre-existing trust relationship -- devices that are previously unknown to each other -- is an important component of many future pervasive applications. For example, patrons at a bar, guests at a party or conference participants may use their mobile phones to exchange private contact information over Bluetooth or WiFi. Consumers may use their mobile devices as electronic wallets to pay for tickets at the train station or groceries at the store. A user may take advantage of resources available in the environment by pairing their mobile phone to a public full-sized display and keyboard, or share music by pairing their MP3 player to a friend's home entertainment system. In this talk, I will introduce a technique that authenticates devices in close proximity by using knowledge of their shared radio environment as proof of physical proximity. I will describe Amigo, a WiFi based prototype that is robust against a range of passive and active attacks. The key advantages of Amigo are that it does not require any additional hardware to be present on the devices beyond the radios that are already used for communication, it does not require user involvement to verify the validity of the authentication process, and it is not vulnerable to eavesdropping.