Weirong Cui,Chenglie Du,Jinchao Chen

DOI: https://doi.org/10.1007/s11276-017-1588-9

IF: 2.701

2017-01-01

Wireless Networks

Abstract:Wireless device-to-device (D2D) communication, which enables direct communication between co-located devices without Internet access, is becoming common. Simultaneously, security issues have become technical barriers to D2D communication due to its open-air nature and lack of centralized control. Automatically establishing the secure association between wireless devices that do not share a prior trust remains an open and challenging problem. Recent work has proposed to extract shared keys from the similar ambient radio signals of two co-located wireless devices. Using such methods, information reconciliation based on error-correcting techniques is implemented to make two co-located devices extract the same bitstreams as the shared keys from their similar ambient radio environment. However, due to the bounded capability of the error-correcting code, existing methods can only work effectively in a very short distance range. In this paper, we propose a novel solution, called proximity-based secure pairing (PSP), which allows two wireless devices in physical proximity to automatically authenticate each other and obtain shared keys according to the channel state information of the WiFi signals. In contrast to existing methods, PSP is built on private set intersection computation rather than information reconciliation, which makes it effective over a wider distance range while ensuring security and efficiency. We provide a thorough security analysis and performance evaluation of PSP and demonstrate its advantages in terms of security, efficiency and usability over state-of-the-art methods.

Chuxiong Wu,Xiaopeng Li,Lannan Luo,Qiang Zeng

2024-09-25

Abstract:Secure pairing is crucial for ensuring the trustworthy deployment and operation of Internet of Things (IoT) devices. However, traditional pairing methods are often unsuitable for IoT devices due to their lack of conventional user interfaces, such as keyboards. Proximity-based pairing approaches are usable but vulnerable to exploitation by co-located malicious devices. While methods based on a user's physical operations (such as shaking) on IoT devices offer greater security, they typically rely on inertial sensors to sense the operations, which most IoT devices lack. We introduce a novel technique called Universal Operation Sensing, enabling IoT devices to sense the user's physical operations without the need for inertial sensors. With this technique, users can complete the pairing process within seconds using simple actions such as pressing a button or twisting a knob, whether they are holding a smartphone or wearing a smartwatch. Moreover, we reveal an inaccuracy issue in the fuzzy commitment protocol, which is frequently used for pairing. To address it, we propose an accurate pairing protocol, which does not use fuzzy commitment and incurs zero information loss. The comprehensive evaluation shows that it is secure, usable and efficient.

Cryptography and Security

Yao Wang,Tao Gu,Yu Zhang,Minjie Lyu,Hui Li

DOI: https://doi.org/10.1109/tmc.2024.3406016

IF: 6.075

2024-01-01

IEEE Transactions on Mobile Computing

Abstract:Recent research has been exploring ways to streamline device pairing by introducing touch-to-access that minimizes user interaction. It generates pairing keys by extracting features from a shared information source to ascertain if two devices are being held by the same person. While these solutions focus on verifying the authenticity of the device, they do not consider the legitimacy and pairing intent of the device holder. Moreover, the pairing keys exchanged over an open wireless link may be susceptible to eavesdropping attacks. In this paper, we propose a secure device pairing mechanism that utilizes the unique electrical responses of the human body to generate and transmit user-specific pairing keys, ensuring both the user's legitimacy and pairing intent while also improving key transmission reliability. We accomplish this by using the device's built-in microphone to capture ambient sound as entropy and converting it into an electrical signal transmitted by the body for device pairing. We have built a prototype and conducted extensive experiments with 31 participants to evaluate its security and usability. The results demonstrate that our proposed mechanism offers a more secure and reliable option for user-specific pairing keys, contributing to the field of device pairing.

Ziqi Xu,Jingcheng Li,Yanjun Pan,Ming Li,Loukas Lazos

2023-06-30

Abstract:Many Next Generation (NextG) applications feature devices that are capable of communicating and sensing in the Millimeter-Wave (mmWave) bands. Trust establishment is an important first step to bootstrap secure mmWave communication links, which is challenging due to the lack of prior secrets and the fact that traditional cryptographic authentication methods cannot bind digital trust with physical properties. Previously, context-based device pairing approaches were proposed to extract shared secrets from common context, using various sensing modalities. However, they suffer from various limitations in practicality and security. In this work, we propose the first secret-free device pairing scheme in the mmWave band that explores the unique physical-layer properties of mmWave communications. Our basic idea is to let Alice and Bob derive common randomness by sampling physical activity in the surrounding environment that disturbs their wireless channel. They construct reliable fingerprints of the activity by extracting event timing information from the channel state. We further propose an uncoordinated path hopping mechanism to resolve the challenges of beam alignment for activity sensing without prior trust. A key novelty of our protocol is that it remains secure against both co-located passive adversaries and active Man-in-the-Middle attacks, which is not possible with existing context-based pairing approaches. We implement our protocol in a 28GHz mmWave testbed, and experimentally evaluate its security in realistic indoor environments. Results show that our protocol can effectively thwart several different types of adversaries.

Cryptography and Security,Signal Processing

Zhijian Shao,Jian Weng,Yue Zhang,Yongdong Wu,Ming Li,Jiasi Weng,Weiqi Luo,Shui Yu

DOI: https://doi.org/10.48550/arXiv.2002.11288

2020-02-26

Abstract:The popularity of Internet-of-Things (IoT) comes with security concerns. Attacks against wireless communication venues of IoT (e.g., Man-in-the-Middle attacks) have grown at an alarming rate over the past decade. Pairing, which allows the establishment of the secure communicating channels for IoT devices without a prior relationship, is thus a paramount capability. Existing secure pairing protocols require auxiliary equipment/peripheral (e.g., displays, speakers and sensors) to achieve authentication, which is unacceptable for low-priced devices such as smart lamps. This paper studies how to design a peripheral-free secure pairing protocol. Concretely, we design the protocol, termed SwitchPairing, via out-of-box power supplying chargers and on-board clocks, achieving security and economics at the same time. When a user wants to pair two or more devices, he/she connects the pairing devices to the same power source, and presses/releases the switch on/off button several times. Then, the press and release timing can be used to derive symmetric keys. We implement a prototype via two CC2640R2F development boards from Texas Instruments (TI) due to its prevalence. Extensive experiments and user studies are also conducted to benchmark our protocol in terms of efficiency and security.

Cryptography and Security

Yuchen Miao,Chaojie Gu,Zhenyu Yan,Sze Yiu Chau,Rui Tan,Qi Lin,Wen Hu,Shibo He,Jiming Chen

DOI: https://doi.org/10.1145/3596264

2023-01-01

Abstract:Secure device pairing is important to wearables. Existing solutions either degrade usability due to the need of specific actions like shaking, or they lack universality due to the need of dedicated hardware like electrocardiogram sensors. This paper proposes TouchKey, a symmetric key generation scheme that exploits the skin electric potential (SEP) induced by powerline electromagnetic radiation. The SEP is ubiquitously accessible indoors with analog-to-digital converters widely available on Internet of Things devices. Our measurements show that the SEP has high randomness and the SEPs measured at two close locations on the same human body are similar. Extensive experiments show that TouchKey achieves a high key generation rate of 345 bit/s and an average success rate of 99.29%. Under a range of adversary models including active and passive attacks, TouchKey shows a low false acceptance rate of 0.86%, which outperforms existing solutions. Besides, the overall execution time and energy usage are 0.44 s and 2.716 mJ, which make it suitable for resource-constrained devices.

Tengxiang Zhang,Xin Yi,Ruolin Wang,Yuntao Wang,Chun Yu,Yiqin Lu,Yuanchun Shi

DOI: https://doi.org/10.1145/3287079

2018-01-01

Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies

Abstract:Ad-hoc wireless device pairing enables impromptu interactions in smart spaces, such as resource sharing and remote control. The pairing experience is mainly determined by the device association process, during which users express their pairing intentions between the advertising device and the scanning device. Currently, most wireless devices are associated by selecting the advertiser's name from a list displayed on the scanner's screen, which becomes less efficient and often misplaced as the number of wireless devices increases. In this paper, we propose Tap-to-Pair, a spontaneous device association mechanism that initiates pairing from advertising devices without hardware or firmware modifications. Tapping an area near the advertising device's antenna can change its signal strength. Users can then associate two devices by synchronizing taps on the advertising device with the blinking pattern displayed by the scanning device. By leveraging the wireless transceiver for sensing, Tap-to-Pair does not require additional resources from advertising devices and needs only a binary display (e.g. LED) on scanning devices. We conducted a user study to test users' synchronous tapping ability and demonstrated that Tap-to-Pair can reliably detect users' taps. We ran simulations to optimize parameters for the synchronization recognition algorithm and provide pattern design guidelines. We used a second user study to evaluate the on-chip performance of Tap-to-Pair. The results show that Tap-to-Pair can achieve an overall successful pairing rate of 93.7% with three scanning devices at different distances.

Rong Jin,Liu Shi,Kai Zeng,Amit Pande,Prasant Mohapatra

DOI: https://doi.org/10.1109/cns.2014.6997514

2014-01-01

Abstract:With the prevalence of mobile computing, lots of wireless devices need to establish secure communication on the fly without pre-shared secrets. Device pairing is critical for bootstrapping secure communication between two previously unassociated devices over the wireless channel. Using auxiliary out-of-band channels involving visual, acoustic, tactile or vibrational sensors has been proposed as a feasible option to facilitate device pairing. However, these methods usually require users to perform additional tasks such as copying, comparing, and shaking. It is preferable to have a natural and intuitive pairing method with minimal user tasks. In this paper, we introduce a new method, called MagPairing, for pairing smartphones in close proximity by exploiting correlated magnetometer readings. In MagPairing, users only need to naturally tap the smartphones together for a few seconds without performing any additional operations in authentication and key establishment. Our method exploits the fact that smartphones are equipped with tiny magnets. Highly correlated magnetic field patterns are produced when two smartphones are close to each other. We design MagPairing protocol and implement it on Android smartphones. We conduct extensive simulation and experiments to evaluate MagPairing. Experimental results show that MagPairing can successfully pair two smartphones with 4.5 seconds on average. It is immune to man-in-the-middle attack even when the attacker is a few centimeters away from the pairing devices.

Rong Jin,Liu Shi,Kai Zeng,Amit Pande,Prasant Mohapatra

DOI: https://doi.org/10.1109/tifs.2015.2505626

IF: 7.231

2016-01-01

IEEE Transactions on Information Forensics and Security

Abstract:With the prevalence of mobile computing, lots of wireless devices need to establish secure communication on the fly without pre-shared secrets. Device pairing is critical for bootstrapping secure communication between two previously unassociated devices over the wireless channel. Using auxiliary out-of-band channels involving visual, acoustic, tactile, or vibrational sensors has been proposed as a feasible option to facilitate device pairing. However, these methods usually require users to perform additional tasks, such as copying, comparing, and shaking. It is preferable to have a natural and intuitive pairing method with minimal user tasks. In this paper, we introduce a new method, called MagPairing, for pairing smartphones in close proximity by exploiting correlated magnetometer readings. In MagPairing, users only need to naturally tap the smartphones together for a few seconds without performing any additional operations in authentication and key establishment. Our method exploits the fact that smartphones are equipped with tiny magnets. Highly correlated magnetic field patterns are produced when two smartphones are close to each other. We design MagPairing protocol and implement it on Android smartphones. We conduct extensive simulations and real-world experiments to evaluate MagPairing. Experiments verify that the captured sensor data on which MagPairing is based has high entropy and sufficient length, and is nondisclosure to attackers more than few centimeters away. Usability tests on various kinds of smartphones by totally untrained users show that the whole pairing process needs only 4.5 s on average with more than 90% success rate.

Wenlong Shen,Yu Cheng,Bo Yin,Jin Du,Xianghui Cao

DOI: https://doi.org/10.1109/tvt.2021.3116619

IF: 6.8

2021-01-01

IEEE Transactions on Vehicular Technology

Abstract:Key establishment is one fundamental issue in wireless security. The widely used Diffie-Hellman key exchange is vulnerable to the man-in-the-middle (MITM) attack due to its lack of mutual authentication. This paper presents a novel in-band solution for defending the MITM attack during the key establishment process for wireless devices. Our solution is based on the insight that an attacker inevitably affects the link layer behavior of the wireless channel, and this behavior change introduced by the attacker can be detected by legitimate users. Specifically, we propose a key exchange protocol and its corresponding channel access mechanism for the protocol message transmission, in which the Diffie-Hellman parameter is transmitted multiple times in a row without being interrupted by other data transmissions on the same channel. The proposed key exchange protocol forces the MITM attacker to cause multiple packet collisions consecutively at the receiver side, which can then be monitored by the proposed detection algorithm. The performance of the proposed solution is validated through both analysis and simulations and the results show that the proposed solution is secure against the MITM attack and can achieve a low false positive ratio. The proposed solution is in-band, and can be implemented on off-the-shelf wireless devices.

Zhenge Guo,Zhaobin Liu,Jizhong Zhao,Hui He,Meiya Dong

DOI: https://doi.org/10.1007/978-3-030-00021-9_17

2018-01-01

Abstract:Multi-party applications are becoming popular due to the development of mobile smart devices. In this work, we explore PVKE (Physical Vibration Keyless Entry), a novel pairing mechanism, through which users are able to utilize smart devices to detect a vibration from the smart watch, so as to use information from the vibration to deconstruct security keys. Thus, we perform device pairing without complicated operations. We show that the recognition accuracy of vibration key detection achieves 95% through solid experiments.

Yao Wang,Tao Gu,Yu Zhang,Minjie Lv,Tom H. Luan,Hui Li

DOI: https://doi.org/10.1145/3495243.3558273

2022-01-01

Abstract:We present a secure device pairing approach, called BiTouch, using the human body as a conductor to generate and transmit user-specific pairing keys for advancing touch-to-access policy. BiTouch is designed based on the observation that the human body responds uniquely to electrical signals flowing through it. Built-in microphones on devices are essentially used to capture ambient sound as entropy and convert it into an electrical signal, which is subsequently transmitted by the body for device pairing. We implement BiTouch using off-the-shelf microphones and evaluate it with 31 participants. The results demonstrate that BiTouch ensures the user's legitimacy and key transmission reliability, and achieves a pairing success rate of 97.74% and an equal error rate of 2.28%.

Yao Wang,Tao Gu,Yu Zhang,Minjie Lyu,Tom H. Luan,Hui Li

DOI: https://doi.org/10.1145/3495243.3564146

2022-01-01

Abstract:We present a secure device pairing approach, called BiTouch, using the human body as a conductor to generate and transmit user-specific pairing keys for advancing touch-to-access policy. BiTouch is designed based on the observation that the human body responds uniquely to electrical signals flowing through it. Built-in microphones on devices are essentially used to capture ambient sound as entropy and convert it into an electrical signal, which is subsequently transmitted by the body for device pairing. We implement BiTouch using off-the-shelf microphones and evaluate it with 31 participants. The results demonstrate that BiTouch ensures the user's legitimacy and key transmission reliability, and achieves a pairing success rate of 97.74% and an equal error rate of 2.28%.

Wei Wang,Lin Yang,Qian Zhang

DOI: https://doi.org/10.48550/arXiv.1805.08609

2018-04-27

Abstract:Securely pairing wearables with another device is the key to many promising applications. This paper presents \textit{Touch-And-Guard (TAG)}, a system that uses hand touch as an intuitive manner to establish a secure connection between a wristband wearable and the touched device. It generates secret bits from hand resonant properties, which are obtained using accelerometers and vibration motors. The extracted secret bits are used by both sides to authenticate each other and then communicate confidentially. The ubiquity of accelerometers and motors presents an immediate market for our system. We demonstrate the feasibility of our system using an experimental prototype and conduct experiments involving 12 participants with 1440 trials. The results indicate that we can generate secret bits at a rate of 7.15 bit/s, which is 44% faster than conventional text input PIN authentication.

Cryptography and Security

Huaiyu Jia,Dajiang Chen,Zhidong Xie,Zhiguang Qin

DOI: https://doi.org/10.1108/ijwis-06-2024-0169

2024-01-01

International Journal of Web Information Systems

Abstract:Purpose This paper aims to provide a secure and efficient pairing protocol for two devices. Due to the large amount of data involving sensitive information transmitted in Internet of Things (IoT) devices, generating a secure shared key between smart devices for secure data sharing becomes essential. However, existing smart devices pairing schemes require longer pairing time and are difficult to resist attacks caused by context, as the secure channel is established based on restricted entropy from physical context. Design/methodology/approach This paper proposes a fuzzy smart IoT device pairing protocol via speak to microphone, FS2M. In FS2M, the device pairing is realized from the speaking audio of humans in the environment around the devices, which is easily implemented in the vast majority of Internet products. Specifically, to protect the privacy of secret keys and improve efficiency, this paper presents a single-round pairing protocol by adopting a recently published asymmetric fuzzy encapsulation mechanism (AFEM), which allows devices with similar environmental fingerprints to successfully negotiate the shared key. To instantiate AFEM, this paper presents a construction algorithm, the AFEM-ECC, based on elliptic curve cryptography. Findings This paper analyzes the security of the FS2M and its pairing efficiency with extensive experiments. The results show that the proposed protocol can achieve a secure device pairing between two IoT devices with high efficiency. Originality/value In FS2M, a novel cryptographic primitive (i.e., AFEM-ECC) are designed for IoT device pairing by using a new context-environment (i.e., human voice) . The experimental results show that FS2M has a good performance in both communication cost (i.e., 130 KB) and running time (i.e., 10 S).

Zhenge Guo,Xueguang Gao,Qiang Ma,Jizhong Zhao

DOI: https://doi.org/10.26599/TST.2018.9010085

2018-01-01

Abstract:Multi-party applications are becoming popular due to the development of mobile smart devices. In this work, we explore Secure Device Pairing (SDP), a novel pairing mechanism, which allows users to use smart watches to detect the handshake between users, and use the shaking information to create security keys that are highly random. Thus, we perform device pairing without complicated operations. SDP dynamically adjusts the sensor's sampling frequency and uses different classifiers at varying stages to save the energy. A multi-level quantization algorithm is used to maximize the mutual information between two communicating entities without information leakage. We evaluate the main modules of SDP with 1800 sets of handshake data. Results show that the recognition accuracy of the handshake detection algorithm is 98.2%, and the power consumption is only 1/3 of that of the single sampling frequency classifier.

Wei Xi,Chen Qian,Jinsong Han,Kun Zhao,Sheng Zhong,Xiang-Yang Li,Jizhong Zhao

DOI: https://doi.org/10.1145/2976749.2978298

2016-01-01

Abstract:Device-to-device communication is important to emerging mobile applications such as Internet of Things and mobile social networks. Authentication and key agreement among multiple legitimate devices is the important first step to build a secure communication channel. Existing solutions put the devices into physical proximity and use the common radio environment as a proof of identities and the common secret to agree on a same key. However they experience very slow secret bit generation rate and high errors, requiring several minutes to build a 256-bit key. In this work, we design and implement an authentication and key agreement protocol for mobile devices, called The Dancing Signals (TDS), being extremely fast and error-free. TDS uses channel state information (CSI) as the common secret among legitimate devices. It guarantees that only devices in a close physical proximity can agree on a key and any device outside a certain distance gets nothing about the key. Compared with existing solutions, TDS is very fast and robust, supports group key agreement, and can effectively defend against predictable channel attacks. We implement TDS using commodity off-the-shelf 802.11n devices and evaluate its performance via extensive experiments. Results show that TDS only takes a couple of seconds to make devices agree on a 256-bit secret key with high entropy.

Meng Jin,Xinbing Wang

DOI: https://doi.org/10.1109/ipsn54338.2022.00021

2022-01-01

Abstract:Secure Device-to-Device (D2D) communication is important for the Internet-of-Things (IoT) devices. Key agreement between devices is the important first step in building a secure D2D channel. Due to the lack of third-party certification, key agreement for IoT devices has to rely on the untrusted channel between them, which makes the process vulnerable to attacks such as eavesdropping, jamming, and predictable channel attack. We solve this problem with a novel key agreement method named EchoKey, where two nearby devices can generate symmetric key independently, leveraging the ambient sound signal that can be locally collected by devices. The intuition of this idea is that the propagation delays of the ambient sounds and its echoes will carry fine-grained information about the spatial context of the receiving device, which can be transformed to a special key for that device. So, nearby devices which have similar spatial context will generate similar keys. We implement a prototype of EchoKey and evaluate its performance in resisting different attacks. The results tell that, with EchoKey, the key agreement process is even undetectable by an attacker which is only 50cm away from the pairing devices, and is thus resistant to all attacks mentioned above.

Jiang Zhiping,Qian Chen,Zhao Kun,Chen Shuaiyu,Li Rui,Wang Xu,He Chen,Du Junzhao

DOI: https://doi.org/10.1007/s11036-019-01330-7

2019-01-01

Mobile Networks and Applications

Abstract:Ad hoc connection/pairing among IoT devices will be pervasive in the Next Generation Networking (NGN). However, due to its de-centralized nature, it faces more security challenges. In this paper, we propose a secure key pairing protocol for NGN, VariSecure, to enable confidential communication for smartphones. The idea is to leverage a natural human interaction mode: face-to-face interaction. Two users raise up their smartphones to establish a secure channel based on their similar observations from the view of the smartphones’ cameras. One user acts as the initiator and uses the front-facing camera to snap his/her face. The other user captures the initiator’s face using his/her rear camera. Utilizing the facial appearance as a secret substitution, the initiator delivers a randomly generated key to the other user, thus establishing a confidential communication channel between their devices. VariSecure achieves secure device pairing without the complex operations needed in prior works. We implemented VariSecure on the commercial off-the-shelf (COTS) smart devices. The experimental results show that VariSecure can establish a face-to-face secure pairing in less than 3 seconds.

Congcong Shi,Lei Xie,Chuyu Wang,Peicheng Yang,Yubo Song,Sanglu Lu

DOI: https://doi.org/10.1155/2021/6668478

2021-01-01

Wireless Communications and Mobile Computing

Abstract:In traditional device-to-device (D2D) communication based on wireless channel, identity authentication and spontaneous secure connections between smart devices are essential requirements. In this paper, we propose an imitation-resistant secure pairing framework including authentication and key generation for smart devices, by shaking these devices together. Based on the data collected by multiple sensors of smart devices, these devices can authenticate each other and generate a unique and consistent symmetric key only when they are shaken together. We have conducted comprehensive experimental study on shaking various devices. Based on this study, we have listed several novel observations and extracted important clues for key generation. We propose a series of innovative technologies to generate highly unique and completely randomized symmetric keys among these devices, and the generation process is robust to noise and protects privacy. Our experimental results show that our system can accurately and efficiently generate keys and authenticate each other.