Description
This work centers on the pairing problem, that is, establishing a shared
cryptographic secret between two parties. Recently, market trends like the
Internet of Things have tremendously increased the number of special-purpose
devices. Pairing protocols like Bluetooth, which specialize in pairing such
devices, have consequently become increasingly important. We identified that
many of these now commonly used pairing protocols suffer from a critical
design flaw.
Protocols like Bluetooth are usually composed of multiple alternative
pairing methods so that they apply to a large variety of scenarios.
While most of these constituent pairing methods have been proven secure
under certain assumptions, those assumptions are not properly verified to hold
within their eventual application context in such protocols. In many cases these
assumptions even conflict with each other when the methods are combined.
This thesis therefore describes a new approach for designing pairing
protocols. For that purpose we first establish a model that describes the
pairing problem in a realistic context without making artificial assumptions. Then,
for every situation that can possibly occur in this model, we derive pairing procedures.
By unifying the assumptions for those procedures in one model during the design
phase, we were able to identify and mitigate issues that would otherwise not have been
revealed. This effort eventually yielded a blueprint for a novel, wholesome and
structurally verifiable pairing protocol. Finally, we implemented a
technology demonstration in the form of an Android chat application which establishes a
secure chatroom for its participants using our previous findings.