Yao Wang,Tao Gu,Yu Zhang,Minjie Lyu,Tom H. Luan,Hui Li

DOI: https://doi.org/10.1145/3495243.3564146

2022-01-01

Abstract:We present a secure device pairing approach, called BiTouch, using the human body as a conductor to generate and transmit user-specific pairing keys for advancing touch-to-access policy. BiTouch is designed based on the observation that the human body responds uniquely to electrical signals flowing through it. Built-in microphones on devices are essentially used to capture ambient sound as entropy and convert it into an electrical signal, which is subsequently transmitted by the body for device pairing. We implement BiTouch using off-the-shelf microphones and evaluate it with 31 participants. The results demonstrate that BiTouch ensures the user's legitimacy and key transmission reliability, and achieves a pairing success rate of 97.74% and an equal error rate of 2.28%.

Yao Wang,Tao Gu,Yu Zhang,Minjie Lv,Tom H. Luan,Hui Li

DOI: https://doi.org/10.1145/3495243.3558273

2022-01-01

Abstract:We present a secure device pairing approach, called BiTouch, using the human body as a conductor to generate and transmit user-specific pairing keys for advancing touch-to-access policy. BiTouch is designed based on the observation that the human body responds uniquely to electrical signals flowing through it. Built-in microphones on devices are essentially used to capture ambient sound as entropy and convert it into an electrical signal, which is subsequently transmitted by the body for device pairing. We implement BiTouch using off-the-shelf microphones and evaluate it with 31 participants. The results demonstrate that BiTouch ensures the user's legitimacy and key transmission reliability, and achieves a pairing success rate of 97.74% and an equal error rate of 2.28%.

Weixi Gu,Zheng Yang,Longfei Shangguan,Xiaoyu Ji,Yiyang Zhao

DOI: https://doi.org/10.1109/trustcom.2014.34

2014-01-01

Abstract:Near field authentication is of great importance for a range of applications, and has attracted many research efforts in the past decades. Several approaches have been developed and demonstrated their feasibility. The state-of-art works, however, still have much room to improve their automation and usability. First, user assistance is required in most existing approaches, which will be easily observed and imitated by attackers. Second, the authentications of several works heavily depend on special hardware, e.g., Server or high resolution screen, which greatly restricts their application scenarios. In this paper, we present a near field authentication system Tooth that needs little human assistance and is compatible with most smart phones. ToAuth is based on the key insight that the acceleration traces are similar for a pair of smart phones when they are contacting physically and vibrating. The random vibration patterns are sufficiently uncertain to provide high entropy to generate a pair of cryptographic keys yet are inimitable for a third party who does not get in touch with the vibration source. ToAuth leverages the keys to make authentication for smart phones. We implement ToAuth on Android platform and evaluate its performance under various scenarios. Extensive experiments demonstrate ToAuth could achieve around 90% success rate in stable environment, and prevent attacks depended on vibration noise.

Yuchen Miao,Chaojie Gu,Zhenyu Yan,Sze Yiu Chau,Rui Tan,Qi Lin,Wen Hu,Shibo He,Jiming Chen

DOI: https://doi.org/10.1145/3596264

2023-01-01

Abstract:Secure device pairing is important to wearables. Existing solutions either degrade usability due to the need of specific actions like shaking, or they lack universality due to the need of dedicated hardware like electrocardiogram sensors. This paper proposes TouchKey, a symmetric key generation scheme that exploits the skin electric potential (SEP) induced by powerline electromagnetic radiation. The SEP is ubiquitously accessible indoors with analog-to-digital converters widely available on Internet of Things devices. Our measurements show that the SEP has high randomness and the SEPs measured at two close locations on the same human body are similar. Extensive experiments show that TouchKey achieves a high key generation rate of 345 bit/s and an average success rate of 99.29%. Under a range of adversary models including active and passive attacks, TouchKey shows a low false acceptance rate of 0.86%, which outperforms existing solutions. Besides, the overall execution time and energy usage are 0.44 s and 2.716 mJ, which make it suitable for resource-constrained devices.

Wei Wang,Lin Yang,Qian Zhang

DOI: https://doi.org/10.48550/arXiv.1805.08609

2018-04-27

Abstract:Securely pairing wearables with another device is the key to many promising applications. This paper presents \textit{Touch-And-Guard (TAG)}, a system that uses hand touch as an intuitive manner to establish a secure connection between a wristband wearable and the touched device. It generates secret bits from hand resonant properties, which are obtained using accelerometers and vibration motors. The extracted secret bits are used by both sides to authenticate each other and then communicate confidentially. The ubiquity of accelerometers and motors presents an immediate market for our system. We demonstrate the feasibility of our system using an experimental prototype and conduct experiments involving 12 participants with 1440 trials. The results indicate that we can generate secret bits at a rate of 7.15 bit/s, which is 44% faster than conventional text input PIN authentication.

Cryptography and Security

Jafar Pourbemany,Ye Zhu,Riccardo Bettati

DOI: https://doi.org/10.48550/arXiv.2107.11685

2021-07-25

Abstract:With the growth of wearable devices, which are usually constrained in computational power and user interface, this pairing has to be autonomous. Considering devices that do not have prior information about each other, a secure communication should be established by generating a shared secret key derived from a common context between the devices. Context-based pairing solutions increase the usability of wearable device pairing by eliminating any human involvement in the pairing process. This is possible by utilizing onboard sensors (with the same sensing modalities) to capture a common physical context (e.g., body motion, gait, heartbeat, respiration, and EMG signal). A wide range of approaches has been proposed to address autonomous pairing in wearable devices. This paper surveys context-based pairing in wearable devices by focusing on the signals and sensors exploited. We review the steps needed for generating a common key and provide a survey of existing techniques utilized in each step.

Cryptography and Security,Networking and Internet Architecture

Weirong Cui,Chenglie Du,Jinchao Chen

DOI: https://doi.org/10.1007/s11276-017-1588-9

IF: 2.701

2017-01-01

Wireless Networks

Abstract:Wireless device-to-device (D2D) communication, which enables direct communication between co-located devices without Internet access, is becoming common. Simultaneously, security issues have become technical barriers to D2D communication due to its open-air nature and lack of centralized control. Automatically establishing the secure association between wireless devices that do not share a prior trust remains an open and challenging problem. Recent work has proposed to extract shared keys from the similar ambient radio signals of two co-located wireless devices. Using such methods, information reconciliation based on error-correcting techniques is implemented to make two co-located devices extract the same bitstreams as the shared keys from their similar ambient radio environment. However, due to the bounded capability of the error-correcting code, existing methods can only work effectively in a very short distance range. In this paper, we propose a novel solution, called proximity-based secure pairing (PSP), which allows two wireless devices in physical proximity to automatically authenticate each other and obtain shared keys according to the channel state information of the WiFi signals. In contrast to existing methods, PSP is built on private set intersection computation rather than information reconciliation, which makes it effective over a wider distance range while ensuring security and efficiency. We provide a thorough security analysis and performance evaluation of PSP and demonstrate its advantages in terms of security, efficiency and usability over state-of-the-art methods.

Zhenge Guo,Zhaobin Liu,Jizhong Zhao,Hui He,Meiya Dong

DOI: https://doi.org/10.1007/978-3-030-00021-9_17

2018-01-01

Abstract:Multi-party applications are becoming popular due to the development of mobile smart devices. In this work, we explore PVKE (Physical Vibration Keyless Entry), a novel pairing mechanism, through which users are able to utilize smart devices to detect a vibration from the smart watch, so as to use information from the vibration to deconstruct security keys. Thus, we perform device pairing without complicated operations. We show that the recognition accuracy of vibration key detection achieves 95% through solid experiments.

Lin Yang,Wei Wang,Qian Zhang

DOI: https://doi.org/10.1145/2994551.2994556

2016-01-01

Abstract:Forming secure pairing between wearable devices has become an important problem in many scenarios, such as mobile payments and private data transmission. This paper presents EMG-KEY, a system that can securely pair wearable devices by leveraging the electrical activity caused by human muscle contraction, that is, Electromyogram (EMG), to generate a secret key. Such a key can then be used by devices to authenticate each other's physical proximity and communicate confidentially. Extensive evaluation on 10 volunteers under different scenarios demonstrates that our system can achieve a competitive bit generation rate of 5.51 bit/s while maintaining a matching probability of 88.84%. Also, the evaluation results with the presence of adversaries demonstrate our system is secure to strong attackers who can eavesdrop on proximate wireless communication, capture and imitate legitimate pairing process with the help of camera.

Wei Wang,Lin Yang,Qian Zhang

DOI: https://doi.org/10.1145/2971648.2971688

2016-01-01

Abstract:Securely pairing wearables with another device is the key to many promising applications, such as mobile payment, sensitive data transfer and secure interactions with smart home devices. This paper presents Touch-And-Guard (TAG), a system that uses hand touch as an intuitive manner to establish a secure connection between a wristband wearable and the touched device. It generates secret bits from hand resonant properties, which are obtained using accelerometers and vibration motors. The extracted secret bits are used by both sides to authenticate each other and then communicate confidentially. The ubiquity of accelerometers and motors presents an immediate market for our system. We demonstrate the feasibility of our system using an experimental prototype and conduct experiments involving 12 participants with 1440 trials. The results indicate that we can generate secret bits at a rate of 7.84 bit/s, which is 58% faster than conventional text input PIN authentication. We also show that our system is resistant to acoustic eavesdroppers in proximity.

Yaqi He,Kai Zeng,Long Jiao,Brian L. Mark,Khaled N. Khasawneh

DOI: https://doi.org/10.1145/3643833.3656127

2024-05-06

Abstract:Wireless device pairing is a critical security mechanism to bootstrap the secure communication between two devices without a pre-shared secret. It has been widely used in many Internet of Things (IoT) applications, such as smart-home and smart-health. Most existing device pairing mechanisms are based on out-of-band channels, e.g., extra sensors or hardware, to validate the proximity of pairing devices. However, out-of-band channels are not universal across all wireless devices, so such a scheme is limited to certain application scenarios or conditions. On the other hand, in-band channel-based device pairing seeks universal applicability by only relying on wireless interfaces. Existing in-band channel-based pairing schemes either require multiple antennas separated by a good distance on one pairing device, which is not feasible in certain scenarios, or require users to repeat multiple sweeps, which is not optimal in terms of usability.

Cryptography and Security,Networking and Internet Architecture

Yang Gao,Yincheng Jin,Jagmohan Chauhan,Seokmin Choi,Jiyang Li,Zhanpeng Jin

DOI: https://doi.org/10.1145/3448113

2021-01-01

Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies

Abstract:With the rapid growth of wearable computing and increasing demand for mobile authentication scenarios, voiceprint-based authentication has become one of the prevalent technologies and has already presented tremendous potentials to the public. However, it is vulnerable to voice spoofing attacks (e.g., replay attacks and synthetic voice attacks). To address this threat, we propose a new biometric authentication approach, named EarPrint, which aims to extend voiceprint and build a hidden and secure user authentication scheme on earphones. EarPrint builds on the speaking-induced body sound transmission from the throat to the ear canal, i.e., different users will have different body sound conduction patterns on both sides of ears. As the first exploratory study, extensive experiments on 23 subjects show the EarPrint is robust against ambient noises and body motions. EarPrint achieves an Equal Error Rate (EER) of 3.64% with 75 seconds enrollment data. We also evaluate the resilience of EarPrint against replay attacks. A major contribution of EarPrint is that it leverages two-level uniqueness, including the body sound conduction from the throat to the ear canal and the body asymmetry between the left and the right ears, taking advantage of earphones' paring form-factor. Compared with other mobile and wearable biometric modalities, EarPrint is a low-cost, accurate, and secure authentication solution for earphone users.

Alexander Gallego,Nitesh Saxena,Jonathan Voris

DOI: https://doi.org/10.48550/arXiv.1005.0657

2010-05-05

Cryptography and Security

Abstract:The secure "pairing" of wireless devices based on auxiliary or out-of-band (OOB) communication, such as audio, visual, or tactile channels, is a well-established research direction. However, prior work shows that this approach to pairing can be prone to human errors of different forms that may directly or indirectly translate into man-in-the-middle attacks. To address this problem, we propose a general direction of the use of computer games for pairing. Since games are a popular means of entertainment, our hypothesis is that they may serve as an incentive to users and make the pairing process enjoyable for them, thus improving the usability, as well as the security, of the pairing process. We consider an emerging use case of pairing whereby two different users are involved, each in possession of his or her own device (e.g., Alice and Bob pairing their smartphones for social interactions). We develop "Alice Says," a pairing game based on a popular memory game called Simon (Says), and discuss the underlying design challenges. We also present a preliminary evaluation of Alice Says via a usability study and demonstrate its feasibility in terms of usability and security. Our results indicate that overall Alice Says was deemed as a fun and an enjoyable way to pair devices, confirming our hypothesis. However, contrary to our intuition, the relatively slower speed of Alice Says pairing was found to be a cause of concern and prompts the need for the design of faster pairing games. We put forth several ways in which this issue can be ameliorated. In addition, we also discuss several other security problems which are lacking optimal solutions and suggest ideas on how entertainment can be used to improve the current state of the art solutions that have been developed to address them.

Rong Jin,Liu Shi,Kai Zeng,Amit Pande,Prasant Mohapatra

DOI: https://doi.org/10.1109/cns.2014.6997514

2014-01-01

Abstract:With the prevalence of mobile computing, lots of wireless devices need to establish secure communication on the fly without pre-shared secrets. Device pairing is critical for bootstrapping secure communication between two previously unassociated devices over the wireless channel. Using auxiliary out-of-band channels involving visual, acoustic, tactile or vibrational sensors has been proposed as a feasible option to facilitate device pairing. However, these methods usually require users to perform additional tasks such as copying, comparing, and shaking. It is preferable to have a natural and intuitive pairing method with minimal user tasks. In this paper, we introduce a new method, called MagPairing, for pairing smartphones in close proximity by exploiting correlated magnetometer readings. In MagPairing, users only need to naturally tap the smartphones together for a few seconds without performing any additional operations in authentication and key establishment. Our method exploits the fact that smartphones are equipped with tiny magnets. Highly correlated magnetic field patterns are produced when two smartphones are close to each other. We design MagPairing protocol and implement it on Android smartphones. We conduct extensive simulation and experiments to evaluate MagPairing. Experimental results show that MagPairing can successfully pair two smartphones with 4.5 seconds on average. It is immune to man-in-the-middle attack even when the attacker is a few centimeters away from the pairing devices.

Huaiyu Jia,Dajiang Chen,Zhidong Xie,Zhiguang Qin

DOI: https://doi.org/10.1108/ijwis-06-2024-0169

2024-01-01

International Journal of Web Information Systems

Abstract:Purpose This paper aims to provide a secure and efficient pairing protocol for two devices. Due to the large amount of data involving sensitive information transmitted in Internet of Things (IoT) devices, generating a secure shared key between smart devices for secure data sharing becomes essential. However, existing smart devices pairing schemes require longer pairing time and are difficult to resist attacks caused by context, as the secure channel is established based on restricted entropy from physical context. Design/methodology/approach This paper proposes a fuzzy smart IoT device pairing protocol via speak to microphone, FS2M. In FS2M, the device pairing is realized from the speaking audio of humans in the environment around the devices, which is easily implemented in the vast majority of Internet products. Specifically, to protect the privacy of secret keys and improve efficiency, this paper presents a single-round pairing protocol by adopting a recently published asymmetric fuzzy encapsulation mechanism (AFEM), which allows devices with similar environmental fingerprints to successfully negotiate the shared key. To instantiate AFEM, this paper presents a construction algorithm, the AFEM-ECC, based on elliptic curve cryptography. Findings This paper analyzes the security of the FS2M and its pairing efficiency with extensive experiments. The results show that the proposed protocol can achieve a secure device pairing between two IoT devices with high efficiency. Originality/value In FS2M, a novel cryptographic primitive (i.e., AFEM-ECC) are designed for IoT device pairing by using a new context-environment (i.e., human voice) . The experimental results show that FS2M has a good performance in both communication cost (i.e., 130 KB) and running time (i.e., 10 S).

Zhiping Jiang,Rui Li,Kun Zhao,Shuaiyu Chen

DOI: https://doi.org/10.1007/978-3-030-00021-9_2

2018-01-01

Abstract:In this paper, we propose a secure key pairing system, FaceMatch, to enable confidential communication for smartphones. The idea is to leverage a natural human interaction mode: face-to-face interaction. Two users raise up their smartphones to establish a secure channel based on their similar observations via the smartphones' cameras. One user acts as the initiator and uses the front-facing camera to snap his/her face. The other user captures the initiator's face using his/her rear camera. Utilizing the facial appearance as a secret substitution, the initiator delivers a randomly generated key to the other user. Based on this key, two users establish a confidential communication channel between their devices. FaceMatch achieves secure device pairing without the complex operations needed in prior works. We implemented FaceMatch using off-the-shelf iPhones. The experimental results show that FaceMatch can establish a 128-bit encrypted connection in less than 3 s.

Zhenge Guo,Xueguang Gao,Qiang Ma,Jizhong Zhao

DOI: https://doi.org/10.26599/TST.2018.9010085

2018-01-01

Abstract:Multi-party applications are becoming popular due to the development of mobile smart devices. In this work, we explore Secure Device Pairing (SDP), a novel pairing mechanism, which allows users to use smart watches to detect the handshake between users, and use the shaking information to create security keys that are highly random. Thus, we perform device pairing without complicated operations. SDP dynamically adjusts the sensor's sampling frequency and uses different classifiers at varying stages to save the energy. A multi-level quantization algorithm is used to maximize the mutual information between two communicating entities without information leakage. We evaluate the main modules of SDP with 1800 sets of handshake data. Results show that the recognition accuracy of the handshake detection algorithm is 98.2%, and the power consumption is only 1/3 of that of the single sampling frequency classifier.

Zhaoyang Zhang,Honggang Wang,Athanasios V. Vasilakos,Hua Fang

DOI: https://doi.org/10.4108/icst.bodynets.2013.253689

2013-01-01

Abstract:Wireless Body Area Networks (WBANs) are the core of components of future m-Health system and is playing a crucial role in healthcare applications. A key requirement for such applications is secure communications between body sensors. This paper presents a novel key agreement scheme which allows wireless body sensors in WBANs to share a common key generated using wireless channel information. Unlike traditional biometric based security approach, the proposed key agreement does not need extra hardware, which can secure data communications in a plug-n-play manner. Our experimental results show that the proposed scheme is feasible for WBANs.

Rong Jin,Liu Shi,Kai Zeng,Amit Pande,Prasant Mohapatra

DOI: https://doi.org/10.1109/tifs.2015.2505626

IF: 7.231

2016-01-01

IEEE Transactions on Information Forensics and Security

Abstract:With the prevalence of mobile computing, lots of wireless devices need to establish secure communication on the fly without pre-shared secrets. Device pairing is critical for bootstrapping secure communication between two previously unassociated devices over the wireless channel. Using auxiliary out-of-band channels involving visual, acoustic, tactile, or vibrational sensors has been proposed as a feasible option to facilitate device pairing. However, these methods usually require users to perform additional tasks, such as copying, comparing, and shaking. It is preferable to have a natural and intuitive pairing method with minimal user tasks. In this paper, we introduce a new method, called MagPairing, for pairing smartphones in close proximity by exploiting correlated magnetometer readings. In MagPairing, users only need to naturally tap the smartphones together for a few seconds without performing any additional operations in authentication and key establishment. Our method exploits the fact that smartphones are equipped with tiny magnets. Highly correlated magnetic field patterns are produced when two smartphones are close to each other. We design MagPairing protocol and implement it on Android smartphones. We conduct extensive simulations and real-world experiments to evaluate MagPairing. Experiments verify that the captured sensor data on which MagPairing is based has high entropy and sufficient length, and is nondisclosure to attackers more than few centimeters away. Usability tests on various kinds of smartphones by totally untrained users show that the whole pairing process needs only 4.5 s on average with more than 90% success rate.

Meng Jin,Xinbing Wang

DOI: https://doi.org/10.1109/ipsn54338.2022.00021

2022-01-01

Abstract:Secure Device-to-Device (D2D) communication is important for the Internet-of-Things (IoT) devices. Key agreement between devices is the important first step in building a secure D2D channel. Due to the lack of third-party certification, key agreement for IoT devices has to rely on the untrusted channel between them, which makes the process vulnerable to attacks such as eavesdropping, jamming, and predictable channel attack. We solve this problem with a novel key agreement method named EchoKey, where two nearby devices can generate symmetric key independently, leveraging the ambient sound signal that can be locally collected by devices. The intuition of this idea is that the propagation delays of the ambient sounds and its echoes will carry fine-grained information about the spatial context of the receiving device, which can be transformed to a special key for that device. So, nearby devices which have similar spatial context will generate similar keys. We implement a prototype of EchoKey and evaluate its performance in resisting different attacks. The results tell that, with EchoKey, the key agreement process is even undetectable by an attacker which is only 50cm away from the pairing devices, and is thus resistant to all attacks mentioned above.