A simple computer security question

2 points by javajosh ↗ HN
Is it possible for two devices A & B, like smartphones, to come into contact using any combination of sensors, to "know" each other, such that A can recognize B again with virtually no chance of false positive?

4 comments

[ 4.2 ms ] story [ 36.0 ms ] thread
Yes, this a fairly standard authentication/handshaking problem. However, the man in the middle problem is plenty real in this case. See the failures and travails of electronic car keys; very similar problem.
> this a fairly standard authentication/handshaking problem

I don't think so. The question is precise, and has more to do with physics, IMHO. Consider the problem from first principles - what is possible? The standard path is to start with sharing a secret that is checked again in the future. The threat model is well-known, too.

What can we get thinking outside the box? Consider that A could physically examine B, as with a photographic sensor taking photographs or video, and document the physical appearance of the device to arbitrary accuracy. At a future date, the same examination takes place, and modulo some additional wear or other deformations, we recognize the device. What is the threat model here? It's whether you can reproduce the appearance of the device. But can you? You'd both need to scan the device and recreate it's physical appearance--down to arbitrary detail. That's a tough, expensive problem. Another important threat is unavoidable deformation, like a new phone, case, etc. This case is similar to simply losing a shared private key, which is catastrophic.

Next, lets talk about MITM. This threat model requires overhearing the conversation between A and B. How do we normally do device-to-device communication? Over the public internet. Over wifi. The other is optically, often via QR code. (I think exchange by optical signal is actually rather secure, BTW, such that only those who can see the QR code can eavesdrop which is a pretty low number. I suspect optical transfer may be more practically secure than a message sent over even the best we have today, which is properly configured TLS client and server, or an app like Signal because you avoid a huge surface area related to any network comms). But we can go even further, and think about how to foil even theoretical optical eavesdropping, by making the secret exchange an interesting kind of shared program that is executed simultaneously by both devices, by sharing state with each other: The camera of A pointing at the screen of B and the camera of B pointing at the screen of A in a kind of electronic position 69. An observer would see incomprehensible flashing, too fast to follow and which would have to be captured in full, of both screens, in order to be useable.

I think I'm coming to your view of it. Man in the middle is hard, and some ways to deal with that over the internet don't apply in this case. Physics is certainly one approach to try to deal with the man in the middle; I'm less sure it's the only one. But maybe.

Simultaneous transmission of a (previously shared) large key/token is an interesting thought. But a middle man's delay wouldn't prevent it from getting a timing matchup.

Mirroring/replying so fast that no device any distance away could play the man in the middle part seems best. In which case physics wins as you say. If this is a new thought (not likely?) it might be worth a patent. I have suggested timing re internet authentication, long ago; I'm sure many others have had the same thought or have implemented it. Timing has certainly been used to help pin down hacker and server locations.

Identifying the device physically by sight seems entirely unnecessary and risky to me.

Another approach might be to send messages on a few vectors, ultrasound, infrared, sound and wifi - hoping an interceptor wouldn't discover all the vectors used, but I'm not crazy about that. Getting the man out of the middle for sure is a tough problem.

My problem with the QR code is telescopes and the speed of light; since you can't rely on the phone you think you're communicating with not to be the middle man. Not sure I've said this clearly.

Once upon a time there was an app called Bump.