MIT researchers craft defense against wireless man-in-middle attacks

24.08.2011

But plain Diffie-Hellman is unauthenticated, and so it suffers from a well-known problem: an attacker inserts himself between the two parties and, to each one, pretends to be the other, substituting his own Diffie-Hellman value for the one each party actually sent. Each party then ends up sharing a key with the attacker rather than with its intended peer, and the attacker, holding both keys, can decrypt, read or modify, and re-encrypt everything that passes between them without either side noticing.

Passwords can be used to block such attacks, but there are problems. On public networks, users often share the same password, so the password identifies the network rather than the peer, and anyone who knows it can still impersonate either side. Other networks are protected with very weak passwords, or with none at all. Some use push-button pairing standards such as the Wi-Fi Alliance's Wi-Fi Protected Setup or Bluetooth's Secure Simple Pairing, which set up a secure connection with no password at all. But these push-button modes authenticate neither side; underneath they run the same unauthenticated Diffie-Hellman exchange and remain vulnerable to the man-in-the-middle attack.

Another solution is to use a "non-wireless" or out-of-band channel, such as audio or infrared, to authenticate the wireless exchange, for instance by having both devices derive a short code from the values they exchanged and letting a human confirm that the two codes match. But these, the researchers say, can be costly and hard to adapt to small, resource-constrained wireless devices.

TEP (tamper-evident pairing) begins by analyzing how an attacker mounts a man-in-the-middle attack: in every case, the researchers say, the attack involves tampering with wireless messages. The researchers say they've identified these tampering techniques and can detect when they're being used. "Since we can [now] detect tampering, we can [now] trust messages which are untampered with," according to the group's Usenix presentation.

An attacker can tamper with a wireless message in three ways: by altering a message in flight so that the receiver sees the attacker's Diffie-Hellman value instead of the sender's; by hiding the fact that a party sent a message at all, so the receiver never learns an exchange was attempted; and by blocking a party from sending its message in the first place. TEP is designed to make each of these tampering techniques detectable.
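The attack described above, as a runnable simulation: it is an added example, not code from the article or from the TEP project, and it shows nothing of how TEP itself detects tampering. It models the unauthenticated Diffie-Hellman exchange, the first of the three tampering techniques (the attacker replaces each party's public value with his own), and the out-of-band comparison mentioned earlier as an alternative defense. The group parameters, the hash-based key derivation and the short-code function are all assumptions chosen for readability; a real deployment would use a standardised group and key schedule.

```python
"""Unauthenticated Diffie-Hellman with a man-in-the-middle (simulation)."""
import hashlib
import secrets

# Constructed toy parameters (assumption): a Mersenne prime keeps the numbers
# small enough to read. The attack does not depend on group size, only on the
# absence of any authentication of the exchanged values.
P = 2**127 - 1
G = 5
WIDTH = 16  # bytes needed to encode any element below P


def new_private() -> int:
    """Random exponent in [1, P-2]."""
    return secrets.randbelow(P - 2) + 1


def public(priv: int) -> int:
    return pow(G, priv, P)


def session_key(priv: int, peer_pub: int) -> bytes:
    """Illustrative KDF: hash of the shared group element (assumption)."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(WIDTH, "big")).digest()


def short_code(initiator_pub: int, responder_pub: int) -> str:
    """Code each party derives from the public values it believes were
    exchanged. Compared over an out-of-band channel (display, audio), it
    exposes substitution: the attacker cannot make (A, M) hash like (M, B).
    Four bytes are used here so the simulation never collides by chance."""
    data = initiator_pub.to_bytes(WIDTH, "big") + responder_pub.to_bytes(WIDTH, "big")
    return hashlib.sha256(data).digest()[:4].hex()


def honest_exchange() -> dict:
    a, b = new_private(), new_private()
    A, B = public(a), public(b)
    # Over the air, untampered: Alice -> Bob: A; Bob -> Alice: B.
    return {
        "alice_key": session_key(a, B),
        "bob_key": session_key(b, A),
        "alice_code": short_code(A, B),  # Alice sent A, received B
        "bob_code": short_code(A, B),    # Bob received A, sent B
    }


def mitm_exchange() -> dict:
    a, b, m = new_private(), new_private(), new_private()
    A, B, M = public(a), public(b), public(m)
    # Tampering technique 1: Mallory alters each message so that the value the
    # other side receives is Mallory's own public value M.
    received_by_bob = M      # Alice's A never reaches Bob
    received_by_alice = M    # Bob's B never reaches Alice
    return {
        "alice_key": session_key(a, received_by_alice),   # H(g^(a*m))
        "bob_key": session_key(b, received_by_bob),       # H(g^(b*m))
        "mallory_key_with_alice": session_key(m, A),      # H(g^(a*m))
        "mallory_key_with_bob": session_key(m, B),        # H(g^(b*m))
        "alice_code": short_code(A, received_by_alice),   # Alice believes (A, M)
        "bob_code": short_code(received_by_bob, B),       # Bob believes (M, B)
    }


def substitution_detected(result: dict) -> bool:
    """True when the out-of-band codes disagree, i.e. the values were altered."""
    return result["alice_code"] != result["bob_code"]


if __name__ == "__main__":
    h = honest_exchange()
    print("honest: keys match =", h["alice_key"] == h["bob_key"],
          "| codes agree =", not substitution_detected(h))
    r = mitm_exchange()
    print("mitm:   Alice's key == Mallory's key with Alice:",
          r["alice_key"] == r["mallory_key_with_alice"])
    print("mitm:   Bob's key   == Mallory's key with Bob:  ",
          r["bob_key"] == r["mallory_key_with_bob"])
    print("mitm:   codes agree =", not substitution_detected(r))
```

The honest run yields one shared key and matching codes; the tampered run yields two different keys, each known to Mallory, and codes that disagree. The comparison step is only as good as the out-of-band channel it is carried over, which is exactly the cost the researchers object to for small devices.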