Tap-Pair: Using Spatial Secrets for Single-Tap Device Pairing of Augmented Reality Headsets

Abstract

Augmented Reality (AR) headsets, which allow for a realistic integration between the physical environment and virtual objects, are rapidly coming to customer and enterprise markets. This is largely because they enable a broad range of multi-user applications in which all participants experience the same augmentation of their natural surrounding. However, despite their increasing expansion, there currently exist no implemented methods for secure ad-hoc device pairing of multiple AR headsets. Given the importance of multi-user experiences for future applications of this technology, in this paper we propose two distinct ways to establish secure ad-hoc connections that rely only on typical user interactions in AR: gazing and tapping either at the location of a shared point on the wall or towards the user with whom one wants to connect. To show the feasibility and deployability of the proposed system to existing technology, we build a prototype of Tap-Pair, a system for ad-hoc pairing of AR headsets that is based on Password Authenticated Key Exchange protocols, requires only user interactions that are common in AR, and can be extended to more than two users. The experimental evaluation of the Tap-Pair prototype in a series of measurements at three different locations confirms the feasibility of our proposal, showing that the system built with currently available augmented reality headsets indeed achieves successful pairing in more than 90% of attempts, while keeping the probability of the attacker's success lower than 1e-3.