Revision history [back]

click to hide/show revision 1
initial version

Alljoyn Pairing Security

Alljoyn Pairing Security - we use the ALLJOYN_ECDHE_NULL authentication mechanism to create a encrypted connection between our devices. We choose this option because we do not want the user to have to enter pincodes, or passwords. Instead we use a simple picture pairing protocol to pair devices - the user is asked to select images on both devices. However with anonymous key exchange there is a risk of a 'man in the middle' attack. Therefore we would like to be able to leverage the shared secret in order to select the picture displayed on each device. Do you think it’s acceptable to use Master / Session key like this?\