The Ephemeral Pairing Problem


📝 Abstract

In wireless ad-hoc broadcast networks the pairing problem consists of establishing a (long-term) connection between two specific physical nodes in the network that do not yet know each other. We focus on the ephemeral version of this problem. Ephemeral pairings occur, for example, when electronic business cards are exchanged between two people that meet, or when one pays at a check-out using a wireless wallet. This problem can, in more abstract terms, be phrased as an ephemeral key exchange problem: given a low bandwidth authentic (or private) communication channel between two nodes, and a high bandwidth broadcast channel, can we establish a high-entropy shared secret session key between the two nodes without relying on any a priori shared secret information. Apart from introducing this new problem, we present several ephemeral key exchange protocols, both for the case of authentic channels as well as for the case of private channels.


📄 Content

arXiv:0802.0834v1 [cs.CR] 6 Feb 2008

The Ephemeral Pairing Problem⋆

Jaap-Henk Hoepman
Department of Computer Science, University of Nijmegen
P.O.Box 9010, 6500 GL Nijmegen, the Netherlands
jhh@cs.kun.nl

Abstract. In wireless ad-hoc broadcast networks the pairing problem consists of establishing a (long-term) connection between two specific physical nodes in the network that do not yet know each other. We focus on the ephemeral version of this problem. Ephemeral pairings occur, for example, when electronic business cards are exchanged between two people that meet, or when one pays at a check-out using a wireless wallet. This problem can, in more abstract terms, be phrased as an ephemeral key exchange problem: given a low bandwidth authentic (or private) communication channel between two nodes, and a high bandwidth broadcast channel, can we establish a high-entropy shared secret session key between the two nodes without relying on any a priori shared secret information. Apart from introducing this new problem, we present several ephemeral key exchange protocols, both for the case of authentic channels as well as for the case of private channels.

Keywords: Authentication, identification, pairing, key exchange.

1 Introduction

In wireless ad-hoc broadcast networks like Bluetooth¹ or IrDA² there is no guarantee that two physical nodes that want to communicate with each other are actually talking to each other. The pairing problem consists of securely establishing a connection or relationship between two specific nodes in the network that do not yet know each other³. For example, to ensure that a newly bought television set is only controllable by your old remote control, the two need to be paired first. Because this pairing is performed only once (or a few times) during the lifetime of any pair of nodes, the pairing procedure can be quite involved. The importance of pairing, and the security policies governing such long-term paired nodes, is described by Stajano and Anderson [SA99].

⋆ Id: pairing.tex,v 1.11 2003/11/24 11:34:49 hoepman Exp
¹ See http://www.bluetooth.com.
² See http://www.irda.org.
³ Note the subtle difference with authentication: in the pairing problem we are not interested in the actual identity of any of the nodes. In fact, in a wired network the problem is easily solved by checking that a single wire connects both nodes.

Fig. 1. Unwanted exchange of information between unpaired nodes.

Sometimes, pairings may have to be performed much more frequently, and should only establish a relationship for the duration of the connection between the two nodes. Such ephemeral pairings occur, for example, when exchanging electronic business cards between two people that happen to meet, or when paying at a check-out using a wireless wallet on your mobile phone. Because such pairings may happen many times a day, the pairing procedure should be fast and the amount of user intervention should be limited. On the other hand, a high level of trust in the pairing may be required. Therefore, the pairing should be established in such a way that a high level of security is achieved even with minimal user interaction. Additionally, privacy may be a concern. Finally, the pairing should be made on the spot, preferably without any preparations.

To achieve such pairings, we do not wish to rely on any secret information shared a priori among the nodes. For the large scale systems where we expect the ephemeral pairings to play a part, such a secure initialisation might be costly and carry a huge organisational burden. Instead, we allow the nodes in the system to exchange small amounts of information reliably and/or privately. Several realistic methods for doing so are briefly discussed in this paper.

The importance of correctly pairing nodes becomes apparent if we study the two examples just given in slightly more detail (see Fig. 1). If some people in a crowd start exchanging business cards that may also contain quite personal information, the business cards surely should not be mixed up by the wireless network. Similarly, if two people are about to pay using a wireless wallet at two adjacent check-outs in a supermarket, the system should make sure that both are paying the right bills. In fact, similar problems plague smart card purse based systems like the Common Electronic Purse Specifications (CEPS [Cep01]), see [JW01] for details.

The ephemeral pairing problem can also be phrased in more abstract terms as a key exchange problem. Suppose we are given a low bandwidth authentic (or private) communication channel between two nodes, and a high bandwidth broadcast channel, can we establish a high-entropy shared secret session key between the two nodes without relying on any a priori shared secret information? We call this problem the ephemeral key exchange (denoted by ϕKE) problem. Here, the low bandwidth channel models the (implicit) authentication and limited information

This content is AI-processed based on ArXiv data.
