Unidirectional Auxiliary Channel Challenge-Response Authentication

Paper i proceeding, 2008

We propose an approach for authentication of exchanged public values between two previously unknown devices in close proximity. We suggest using a unidirectional auxiliary channel challenge-response scheme, where the response and challenge from one device are transmitted over an auxiliary channel. It is assumed that a network attacker cannot access the auxiliary channel, and thus, man-in-the-middle attacks are prevented since the attacker cannot learn the response and challenge. In addition, passive eavesdropping is prevented since no shared secrets are used. We design a unidirectional auxiliary channel challenge-response protocol for Bluetooth and show that it is substantially more efficient and achieves an equal or increased level of security while maintaining the usability and convenience level for the user in comparison to the original Bluetooth protocol.