MIT researchers craft defense against wireless man-in-middle attacks

24.08.2011

"Thus we have a [transmit] message which can't be altered, hidden, or prevented without being detected at the receivers," say the MIT researchers.

But there's a complication in this approach, as they note: TEP relies on silent periods to make the hash tamper-evident. Other Wi-Fi devices listening on the channel would take those silences to mean the channel is idle and start their own transmissions, as 802.11's carrier-sense rules require. To prevent this, TEP uses an optional 802.11 mechanism, the "clear to send" (CTS) frame, which reserves the channel for a stated duration. Other devices that hear the CTS frame hold off transmitting until Party A completes its hash transmission.

Having created this "tamper-evident message," the MIT team built a protocol around it for setting up a secure wireless pairing between radios, riding on top of the push-button technique adopted by the Wi-Fi Alliance (Wi-Fi Protected Setup). Party A sends out a request message using the TEP primitive; Party B must reply using the same primitive within 120 seconds. If Party A receives exactly one reply in that window, and via TEP detects no tampering, the pairing goes forward.

But if an attacker tries to insert himself between the two parties, two checks frustrate the attempt. First, Party A sees two replies to the original request, one from Party B and one from the attacker, and refuses to connect. Second, if the attacker tries to tamper with Party B's reply message, TEP lets Party A detect the tampering and, again, refuse to connect.
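To make the two checks concrete, here is a small simulation of the pairing exchange. It is an added illustration, not code from the MIT researchers or from the article, and it fills in details the article does not spell out: it assumes each hash bit is sent as a pair of time slots (energy then silence for a 1, silence then energy for a 0), that the hash is a 64-bit truncation of SHA-256, and that the attacker's radio can add energy to a slot but cannot cancel energy another radio is already transmitting. The 120-second reply window is the one the article states; the payload bytes and timings are constructed for the example.

```python
"""Toy simulation of the tamper-evident message (TEP) idea described above.

A TEP message carries a payload, a synchronization burst, and the payload's
hash encoded as pairs of time slots: a 1 bit is (energy, silence), a 0 bit is
(silence, energy).  Physical assumption (stated in the lead-in): an attacker
can ADD energy to a slot but cannot remove energy the sender is emitting, so
any change to the hash shows up as a slot pair with energy in both halves.
"""
import hashlib
from dataclasses import dataclass, field

HASH_BITS = 64          # assumed toy size; the article gives no hash length
WINDOW_SECONDS = 120    # reply window stated in the article
ON, OFF = 1, 0          # energy / silence in one time slot


@dataclass
class TepMessage:
    payload: bytes
    sync: int = ON                               # long energy burst announcing the message
    slots: list = field(default_factory=list)    # 2 * HASH_BITS energy/silence slots


def _hash_bits(payload: bytes) -> list:
    """Truncated SHA-256 of the payload as a list of 0/1 ints."""
    digest = hashlib.sha256(payload).digest()
    bits = []
    for byte in digest:
        bits.extend((byte >> (7 - i)) & 1 for i in range(8))
    return bits[:HASH_BITS]


def tep_encode(payload: bytes) -> TepMessage:
    """Sender side: encode each hash bit as one energy slot and one silence slot."""
    slots = []
    for bit in _hash_bits(payload):
        slots.extend((ON, OFF) if bit else (OFF, ON))
    return TepMessage(payload=payload, slots=slots)


def tep_verify(msg: TepMessage) -> tuple:
    """Receiver side: return (ok, reason).

    Decodes the slot pairs and compares them with the hash of the payload as
    actually received.  A pair with energy in both halves means someone added
    energy to the sender's silence slot; a pair with no energy at all cannot
    come from an honest sender either.  Both are reported as tampering."""
    if msg.sync != ON:
        return False, "no synchronization burst"
    if len(msg.slots) != 2 * HASH_BITS:
        return False, "wrong slot count"
    decoded = []
    for i in range(0, len(msg.slots), 2):
        pair = (msg.slots[i], msg.slots[i + 1])
        if pair == (ON, OFF):
            decoded.append(1)
        elif pair == (OFF, ON):
            decoded.append(0)
        else:
            return False, f"tampering detected in slot pair {i // 2}"
    if decoded != _hash_bits(msg.payload):
        return False, "hash mismatch: payload altered"
    return True, "ok"


def attacker_add_energy(msg: TepMessage, slot_indices) -> TepMessage:
    """Radio attacker: can turn silence into energy, never energy into silence."""
    slots = list(msg.slots)
    for i in slot_indices:
        slots[i] = ON
    return TepMessage(msg.payload, msg.sync, slots)


def attacker_forge_payload(msg: TepMessage, new_payload: bytes) -> TepMessage:
    """Attacker swaps in its own payload (e.g. its own key) and transmits the
    matching hash slots on top of the victim's.  The air carries the OR of
    both signals: the attacker cannot silence the victim's energy slots."""
    wanted = tep_encode(new_payload).slots
    slots = [ON if (old == ON or new == ON) else OFF
             for old, new in zip(msg.slots, wanted)]
    return TepMessage(new_payload, msg.sync, slots)


def pair(request: TepMessage, replies, window=WINDOW_SECONDS) -> tuple:
    """Party A's decision after sending `request`.

    `replies` is a list of (seconds_after_request, TepMessage).  Accept only
    if exactly one reply arrives inside the window and that reply verifies."""
    in_window = [m for t, m in replies if 0 <= t <= window]
    if len(in_window) != 1:
        return False, f"expected exactly one reply, saw {len(in_window)}"
    return tep_verify(in_window[0])


if __name__ == "__main__":
    request = tep_encode(b"A-request:constructed")          # constructed sample
    reply = tep_encode(b"B-pubkey:constructed")             # constructed sample
    print("honest pairing:", pair(request, [(30, reply)]))
    print("two replies:   ", pair(request, [(30, reply), (31, tep_encode(b"attacker-pubkey"))]))
    print("forged reply:  ", pair(request, [(30, attacker_forge_payload(reply, b"attacker-pubkey"))]))
```

Run it directly to see the three outcomes: the honest exchange is accepted, a second reply inside the window is rejected before any hash is checked, and a forged reply is rejected because the attacker's hash slots collide with the victim's energy slots and produce a pair with energy in both halves.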

The researchers streamlined this entire process of exchanging tamper-evident messages in order to set up a secure channel. They say that the hash and the longer synchronization packet add less than 23 milliseconds of overhead to the transmission.