Validating and Securing Spontaneous Associations between Wireless Devices

One of the sought-after characteristics of mobile and ubiquitous computing environments is for devices to become spontaneously associated and interoperate over wireless networks. However, unlike the cable that connects two devices in a wired association, a wireless network does not provide a physical indication of which device is on the other end of the association. Further, the messages sent over a wireless network are readily accessible to other devices on the same network. Hence, a spontaneous wireless association is subject to various spoofing and replay attacks. We introduce protocols to thwart these attacks by physically validating the two devices in a wireless association and, in so doing, exchanging a shared session key between them for subsequent secure communication.