Abstract

With the proliferation of mobile devices, spontaneous interactions between co-located devices that do not know each other a priori will become commonplace. Securing these interactions against eavesdropping and man-in-the-middle attacks is an important and challenging task. In this paper, we postulate that mobile devices that are positioned in close proximity may be able to derive a shared secret to secure their communication by monitoring fluctuations in the signal strength of existing ambient radio sources (GSM cell towers or WiFi access points) in their common environment. We explore the feasibility of deriving location-based secrets and describe two approaches for how such a secret could be used to secure spontaneous communication. Deriving location-based secrets is a hard problem because while the radio environment perceived by various devices in close proximity is similar, it is not identical.