1. Field
At least one feature relates to pairing and authenticating network devices communicating in wireless networks and, more particularly, to using images, icons and/or, optionally, sounds in comparison association models implemented in protection schemes against man-in-the-middle attacks for wireless device authentication.
2. Background
In wireless communication systems, secure communications between participating communications units may be accomplished by processes of pairing and authentication. Many wireless technologies implement cryptographic key exchange mechanisms that provide the participating communications units with exchanged and shared secret information confirming that the correct devices are connected.
A general problem with such key exchange mechanisms is that they may be exposed to a man-in-the-middle (MITM) attack, i.e., a security breach in which a malicious user intercepts and/or alters the messages between two communication devices. For instance, during a cryptographic key exchange between two communication devices, an intruder in a MITM attack may obtain one or more cryptographic keys during the key exchange, which the intruder can then use to obtain access to information transmitted between the two devices. To protect against MITM attacks, some prior art authentication methods implement a numeric comparison protocol in which numeric confirmation values are separately calculated by the two communicating devices. The numeric confirmation values may then be either displayed on both devices to be compared by a user, or an instance of a confirmation value may be calculated by one device and entered into the other device for comparison or verification against another instance of the confirmation value.
Bluetooth, Wi-Fi and Certified Wireless USB (CW-USB) wireless technologies provide implementations for wireless communications network systems. Bluetooth, for example, allows connecting personal devices in an ad-hoc fashion. The Bluetooth standard (see “Specification of the Bluetooth System, Core, Version 2.1+EDR”, Jul. 27, 2007) comprises a number of security mechanisms to ensure that the device a user intends to add is the device that is added, and to help avoid accidentally or intentionally adding unintended devices. In particular, the Bluetooth specification provides a secure simple pairing and authentication mechanism which includes a public key exchange and a numeric comparison protocol to protect against active MITM attacks. The public key exchange serves to establish a shared secret that may be used to secure communications. The numeric comparison protocol allows a user to authenticate confirmation values on two devices to verify that a communication link or association is between the two intended devices and not an intruding device.
For purposes of authentication, some wireless technologies (e.g., Bluetooth 2.0, Wi-Fi Protected Access WPA/WPA2 and earlier) use a fixed label or sticker posted on a device (or other means, such as a manual that accompanies a device) to provide a private identification number (PIN) to the user. The user may enter the PIN, or push a button, to enable data encryption for authentication. Other technologies (e.g., Bluetooth Core Specification version 2.1+EDR, CW-USB, Wi-Fi Protected Setup) are starting to move to association models that implement greater protection against active MITM attacks. Typically, the MITM protection involves displaying an N-digit number (typically between two and six digits) on both devices and requesting confirmation from the user. The Bluetooth Core Specification Version 2.1+EDR provides association models where the user is requested to verify six decimal digits on each device. CW-USB has a similar mechanism to Bluetooth 2.1, but uses fewer digits for comparison. The Wi-Fi Alliance's Protected Setup configuration also uses a numeric comparison, where a dynamic PIN can be generated and shown on the device's display to be compared to the PIN provided by the added device.
A limitation of using PINs, numeric confirmation values, and/or other forms of numeric and/or alpha-numeric sequences is that the digits zero (0) through nine (9) carry little information per character. Although the numeric comparison protocols used in some technologies have simplified the authentication process for the user, as the user is not required to remember a fixed PIN or number, or to create and enter a new PIN on two devices, some users may still find comparing the two numeric confirmation values cumbersome. Additionally, a numeric (or even alpha-numeric) comparison protocol is not effective or efficient where the wireless network connections involve communications in different basic languages (e.g., Chinese, Arabic, Japanese, Hebrew, Greek, etc.). Consequently, there is a need to improve the reliability and ease of comparison of the confirmation values generated in a numeric comparison protocol for MITM protection.
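The following is an added example, not part of the patent text, that models the six-digit numeric comparison described in the two preceding paragraphs and the information-per-character point. It follows my reading of the Bluetooth 2.1 Secure Simple Pairing confirmation function g(U, V, X, Y) = SHA-256(U || V || X || Y) mod 2^32 with the six least significant decimal digits displayed; the 32-byte "public keys" are constructed placeholders standing in for ECDH public key coordinates (no key agreement is performed), and the attacker model assumes nonces are relayed unchanged.

```python
import hashlib
import math

# Constructed example. Public keys are placeholder byte strings, not real
# ECDH public keys (assumption: the key agreement itself is not modelled).

def g(u: bytes, v: bytes, x: bytes, y: bytes) -> int:
    """Confirmation function as in Bluetooth 2.1 SSP (my reading of the spec):
    g(U, V, X, Y) = SHA-256(U || V || X || Y) mod 2^32."""
    digest = hashlib.sha256(u + v + x + y).digest()
    return int.from_bytes(digest, "big") % (1 << 32)

def displayed_value(pk_a: bytes, pk_b: bytes, n_a: bytes, n_b: bytes) -> str:
    """The six least significant decimal digits of g(), zero-padded, as shown to the user."""
    return f"{g(pk_a, pk_b, n_a, n_b) % 10**6:06d}"

def numeric_comparison(pk_a, pk_b, n_a, n_b, pk_mitm=None):
    """Return (Va, Vb): the values device A and device B each display.
    Honest run: both hash the same (PKa, PKb, Na, Nb), so Va == Vb.
    With pk_mitm set, an intruder has replaced each side's view of the peer
    key with its own key, so the devices hash different key pairs and the
    user sees two different numbers. Nonces are relayed unchanged; in SSP the
    commitment exchange keeps the intruder from choosing them to force a match."""
    a_view_of_b = pk_mitm if pk_mitm else pk_b
    b_view_of_a = pk_mitm if pk_mitm else pk_a
    v_a = displayed_value(pk_a, a_view_of_b, n_a, n_b)
    v_b = displayed_value(b_view_of_a, pk_b, n_a, n_b)
    return v_a, v_b

def bits_per_symbol(alphabet_size: int) -> float:
    """Information in one symbol the user compares: log2 of the alphabet size
    (about 3.32 bits for a decimal digit)."""
    return math.log2(alphabet_size)

def symbols_needed(security_bits: float, alphabet_size: int) -> int:
    """Symbols a user must compare to convey security_bits of confirmation value."""
    return math.ceil(security_bits / bits_per_symbol(alphabet_size))

if __name__ == "__main__":
    # Constructed, deterministic sample inputs.
    pk_a, pk_b, pk_m = bytes([1]) * 32, bytes([2]) * 32, bytes([3]) * 32
    n_a, n_b = bytes([4]) * 16, bytes([5]) * 16
    print("honest pairing (Va, Vb):", numeric_comparison(pk_a, pk_b, n_a, n_b))
    print("MITM pairing   (Va, Vb):", numeric_comparison(pk_a, pk_b, n_a, n_b, pk_mitm=pk_m))
    print("six decimal digits carry about %.1f bits" % (6 * bits_per_symbol(10)))
    print("symbols for 20 bits from a 1000-icon set:", symbols_needed(20, 1000))
```

The last two lines quantify the limitation in the paragraph above: six decimal digits carry under 20 bits, and a comparison alphabet of 1000 distinct icons would convey the same amount in three symbols.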