Authenticated Audio

It happens to me quite often that I am assigned an emergency exit row seat on a plane. Airlines probably have preference to seat frequent flyers there, as (logically) they probability of them acting properly in an emergency is higher. Frequent flyers are more accustomed to handling different flight situations. It is interesting though how the onboarding procedure for emergency exit passengers differs among airlines.

Some time ago I had a discussion on that with a Lufthansa fight attendant. She was instructing me to open the exit only when I receive the "passenger evacuation" message FROM HER. One question I had was what if she is not able to give such command (this can be easily imagined in an emergency situation). She was indignant: "this will never happen". I was not convinced however...

The other more relevant question was about authentication: how do I know IT IS YOU? What if somebody else shouts "passenger evacuation" (this can be easily envisioned too in an emergency situation). "You will know it" - was the answer. Fair enough. I *could* know it with some degree of probability and apply my own decision making process on top; The fuzzy nature of humans' decisions allows for protocols to be fairly imprecise - humans take variety of inputs and dynamically assign weights to them and make their own judgement. When making a phone call my fuzzy logic easily authenticates the called party if I know them - not only by the sound of the voice by also by a number of other sub-conscious judgements and behaviors.

Enter the machine-to-machine communications world and things become much more strict.

Ad this is precisely why I love how security has now been extended to the new LE audio features supported by the recently adopted Bluetooth 5.2 specification. Bluetooth SIG prepared an excellent primer on these new features: https://www.bluetooth.com/wp-content/uploads/2020/01/Bluetooth_5.2_Feature_Overview.pdf.

Authenticated broadcast is one of the features that are going to enable variety of audio services. The receiver of an audio stream will be able to cryptographically authenticate the source. This is of an ultimate importance for broadcast streams. A broadcaster may be as simple as your door bell (ringing the bell in your earphones when somebody is at YOUR door). It may also be much more complex, like an announcement of a gate change of the flight YOU are checked in to. The authentication will simply prevent fake broadcasters from sending people to wrong gates.

Authentication is the most important part of security in any communication system. Encryption comes after. Gate change or evacuation messages are not secret. But they must be authentic, otherwise they would never be adopted on a wide scale in products and services.