noteworthy wrote:
Shyamnath Gollakota, Nabeel Ahmed, Nickolai Zeldovich, and Dina Katabi:

This paper presents the first wireless pairing protocol that works in-band, with no pre-shared keys, and protects against MITM attacks.

Sigh, I was trying to avoid directly juxtaposing these two. This is an example of the difference between an academic approach to a problem and a real world approach to a problem.

The wireless pairing paper is an academic approach to the problem. It "protects against MITM attacks" for a constrained definition of "MITM attacks" which is not the same thing as the real world MITM problem on wifi networks. The paper assumes that the victim knows the MAC address of wireless access point he or she wants to connect to, and the only thing the attacker can do is interfere with that connection at the wireless link layer.

In the real world, the attacker is not constrained in this way. The victim has no way to differentiate the attackers access point from the legitimate access point that they want to connect to if both access points have the same SSID. This protocol does not solve that problem. At no point does the paper acknowledge that the constrained, academic definition of "MITM attacks" that they are operating under is not the same thing as the real world problem, and of course, lots of people who read this paper do not understand the difference.

The technology presented in this paper meets the requirements set out by the paper. Its an interesting approach. Perhaps there is some real world application for this technology. But it does not solve the problem of MITM attacks in real world wifi networking.

RE: Secure In-Band Wireless Pairing