In wireless communications systems, the establishment of secure communications between the participating communications units is an important aspect. In many communications systems, a key exchange mechanism is implemented that provides the participating communications units with a common shared secret. Once a shared secret is established between two units, the shared secret may be used to provide encryption and/or integrity protection of the messages communicated between the units.
In many situations, the establishment of secure communications is achieved by a key exchange involving a user interaction such as a user entering a passcode, e.g. a password or a PIN, into one or both communications units. In particular, a user interaction may be necessary in situations where the participating units have not yet established any security relation, such as a shared secret
One example of a short-range wireless communications technology is Bluetooth, a radio communications technology operating in the unlicensed ISM (Industrial, Scientific and Medical) band at 2.45 GHz, which is globally available. The band provides 83.5 MHz of radio spectrum. Bluetooth is a technology that provides low cost, low power implementations of radios. Using Bluetooth it is possible to connect personal devices in an ad-hoc fashion in so-called piconets. The Bluetooth standard (see “Baseband Specification” in “Specification of the Bluetooth System, Core, Version 1.1”, Bluetooth Special Interest Group, February 2001) further comprises a number of security mechanisms. In particular, the Bluetooth standard provides a pairing mechanism, where two devices that have not been connected before perform a key exchange to establish a shared secret, the so-called link key, between two Bluetooth devices. The link key is derived from a PIN that is entered by the user(s) of the devices. The link key is subsequently used to protect the Bluetooth communication.
The so-called Diffie-Hellman key exchange protocol disclosed in U.S. Pat. No. 4,200,770 provides two devices with a shared secret. According to this protocol, each device generates a secret key, derives a public key from that secret key, and sends the public key to the other device. The shared secret is then generated by each device from its secret key and the corresponding received public key of the other device.
A general problem that may occur with such a key exchange mechanism is that it may be attacked by a man-in-the-middle attack, i.e. a security breach in which a malicious user intercepts and alters the messages between the communicating devices.
The article “Enhancements to Bluetooth baseband security” by C. Gehrmann and K. Nyberg, Proceedings of Nordsec 2001, Copenhagen, November 2001, describes an authentication scheme involving a user interaction. In particular, the above article describes a method of authenticating a shared secret that was previously established by an anonymous Diffie-Hellman key exchange. The method is based on the assumption that, if a man-in-the-middle is present in the Diffie-Hellman key exchange, then the established Diffie-Hellman keys will be different in the legitimate devices. The authentication is based on check values calculated by the two devices based on the established shared secret. The created check values are either displayed on both devices and compared by a user, or the check value calculated by one device is entered into the other device by the user to allow the other device to perform the comparison.
A problem that may occur with one or more of the above prior art systems is that they can necessitate human interaction to authenticate the established shared secret at the time of the establishment of the secure communication. This may not be desired, for example in situations where the actual secure communications should be established fast.