Location-Limited Channels

To establish secure communication between two networked devices, they must share some trust information that they can use to securely "recognize" each other -- to be sure they are talking to who they think they are talking to. Establishing this shared trust information in a secure way is referred to as the key distribution problem. Traditional approaches to this problem require the devices to participate in an existing, managed infrastructure. They could both know a shared secret or password, they could have copies of each other's public keys, or they could belong to a Public Key Infrastructure (PKI) and know each other's names. For mobile devices interacting with new devices they encounter, and new consumer devices brought into the home, this will not be the case. We need a way to allow two devices to communicate securely with each other even if they know nothing about each other a priori. Such secure communication forms the basis of a wide variety of applications -- they can securely exchange data, issue credentials, set configurations, and so forth.
We solve this problem in a simple, easy-to-use manner. A user wishing to initiate communication between his device and another device in the area simply "points out" his desired communication partner using a location-limited channel -- e.g. touching the two devices together, or indicating the desired target using infrared, as with a remote control.
With this simple and intuitive gesture, the user actually sends a small amount of cryptographic information -- an identifier, or "fingerprint" for a public key -- across the more trusted location-limited channel, and the target device sends a similar identifier back. This allows those devices to then authenticate each other and communicate securely over any network. In some sense, they agree to trust the device that has the private key corresponding to the public key they received over the location-limited channel. Channels such as infrared or physical contact give a strong intuitive feeling of "pointing out". A simple, passive USB storage token can be used to exchange authentication information between less mobile devices. Audio channels allow the exchange of authentication information between a number of devices at once, enabling secure group communication. Most or all of these approaches can even be used with devices where traditional password-based authentication would be impossible -- for instance, because the device does not have a keyboard.

Securing Off-the-Shelf Protocols

One of the most appealing features of the location-limited channel approach is that it provides a simple and intuitive mechanism for establishing trust in public keys. Once this key distribution step is accomplished, those trusted public keys can be used in a wide variety of trusted, standardized cryptographic protocols -- protocols whose deployment has been held back because of the difficulty of solving the key distribution problem. This way, you get the security of well-established, scrutinized protocols combined with an unprecedented ease of use. In many cases, it even allows devices configured using PARC's intuitive technology to interoperate seamlessly with standard off-the-shelf devices, because PARC technology is only used during initial configuration. For example, SSL (or TLS) is a standard protocol used to secure the vast majority of web traffic.
TLS provides the facility to allow both communicating parties to authenticate each other very securely, by having each party obtain a digital certificate that the other trusts. During the TLS handshake, the two communicating parties authenticate each other's public keys by verifying these certificates. However, to obtain these certificates, both parties must enroll in a Public Key Infrastructure (PKI). Enrolling in a PKI is a cumbersome and time-consuming process, so much so that most users of TLS opt to use a less secure method of authenticating clients with passwords, just to avoid the difficulty of issuing them certificates. PARC's Whisper technology can be used to secure TLS exchanges by authenticating the two parties' public keys over the location-limited channel, i.e. devices will successfully complete a TLS handshake if and only if they have been "introduced" to each other by a human user through a location-limited channel. They don't need to participate in a PKI. However, one of the most appealing uses of PARC's Whisper technology is to make it extremely easy to set up a small PKI -- by simply issuing a certificate over the secure tunnel authenticated by the location-limited exchange. This approach can be used to authenticate any public-key based key exchange protocol. Whisper technology addresses the key distribution problem -- a problem that is required to have already been solved in order to use most or all cryptographic protocols. The actual run of the protocol is unaffected by the presence of Whisper technology.

Providing Useful User-Interaction Primitives

One goal of Whisper is to discover useful user-interaction primitives that enable users to manage their devices securely. For example, location-limited channels provide the user with a convenient way to set up secure connections between devices. The user simply points out which device to talk to, and the connection is secured without the user necessarily being aware of that fact.
Had we chosen a different primitive (e.g., typing PINs into the two devices), the effect may have been both less user-friendly and less secure. In our Network-in-a-Box application the user adds a device to a wireless network by literally introducing it to the access point that is providing the network. This may be unfamiliar to users who are accustomed to setting up network connections by navigating through setup screens and filling out forms on their computers, but it is an intuitive step that instantly makes sense to users.

Inferring Security from User Actions

Sometimes, it may not even be necessary to invent new user-interaction primitives to facilitate secure setup. All too often, the actions users take already give enough information about their intentions to enable secure applications. For example, typing "ssh foo.bar.com" enables the system to figure out what the user is trying to do (log onto foo.bar.com), and also do that securely. Compare that with the steps typically necessary to share files. First, the user needs to specify somehow that the file should be shared (by exposing it, for example, through an HTTP, SMB, or NFS server). Second, the user needs to specify how the file should be protected (by configuring access control on, say, the Web server). One part of the Whisper research effort is to identify situations in which security can be inferred from user actions, and then remove redundant security steps from the setup process. This way, there is no risk of users forgetting or incorrectly applying the security setup step.
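The fingerprint pre-authentication described under "Location-Limited Channels", and its use in place of PKI certificate validation under "Securing Off-the-Shelf Protocols", as an added simulation (example code, not PARC's Whisper implementation). Public keys are stand-in random byte strings, and the device names and `Device` class are assumptions made for the example; with TLS the bytes compared would be the peer certificate from `getpeercert(binary_form=True)`.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

# Added example, not PARC's Whisper code. Public keys are stand-in random
# bytes: the fingerprint check is the same whatever the key algorithm.
# Proof that the peer holds the matching private key is left to the TLS
# handshake (or other key exchange) that follows the introduction.


def fingerprint(pubkey: bytes) -> bytes:
    """Commitment to a public key. A 32-byte digest is small enough to
    send over a low-bandwidth location-limited channel such as infrared."""
    return hashlib.sha256(pubkey).digest()


@dataclass
class Device:
    name: str
    pubkey: bytes = field(default_factory=lambda: os.urandom(64))
    # peer name -> fingerprint received over the location-limited channel
    introduced: dict = field(default_factory=dict)

    def introduce(self, peer: "Device") -> None:
        """The user 'points out' the peer (touch, IR). Each side learns only
        the other's fingerprint here; full keys travel over the network."""
        self.introduced[peer.name] = fingerprint(peer.pubkey)
        peer.introduced[self.name] = fingerprint(self.pubkey)

    def accept_key(self, peer_name: str, presented: bytes) -> bool:
        """Over the open wireless channel the peer presents its full key or
        certificate. Trust it only if it hashes to the committed fingerprint;
        no CA, PKI or password is consulted."""
        expected = self.introduced.get(peer_name)
        if expected is None:
            return False  # never introduced over a location-limited channel
        return hmac.compare_digest(expected, fingerprint(presented))


def demo() -> tuple:
    """Returns (honest peer accepted, swapped key rejected, stranger rejected)."""
    alice, bob, mallory = Device("alice"), Device("bob"), Device("mallory")
    alice.introduce(bob)                                   # devices touched
    honest = alice.accept_key("bob", bob.pubkey)           # key over Wi-Fi
    swapped = alice.accept_key("bob", mallory.pubkey)      # key altered in transit
    stranger = bob.accept_key("mallory", mallory.pubkey)   # no introduction
    return honest, swapped, stranger
```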