A comparative study of secure device pairing methods

``Secure Device Pairing' or ``Secure First Connect' is the process of bootstrapping a se- cure channel between two previously unassociated devices over some (usually wireless) human-imperceptible communication channel. Absence of prior security context and com- mon trust infrastructure open the door for the so-called Man-in-the-Middle and Evil Twin attacks. Mitigation of these attacks requires some level of user involvement in the device pairing process. Prior research yielded a number of technically sound methods relying on various auxiliary human-perceptible out-of-band channels, e.g., visual, acoustic and tactile. Such methods engage the user in authenticating information exchanged over the human- imperceptible channel, thus defending against MiTM attacks and forming the basis for se- cure pairing. This paper reports on a comprehensive and comparative evaluation of notable secure device pairing methods. This evaluation was obtained via a thorough analysis of these methods, in terms of both security and usability. The results help us identify methods best- suited for specific combinations of devices and human abilities. This work is an important step in understanding usability in one of the rare settings where a very wide range of users (not just specialists) are confronted with modern security technology.