22 research outputs found
H2B: Heartbeat-based Secret Key Generation Using Piezo Vibration Sensors
We present Heartbeats-2-Bits (H2B), which is a system for securely pairing
wearable devices by generating a shared secret key from the skin vibrations
caused by heartbeat. This work is motivated by potential power saving
opportunity arising from the fact that heartbeat intervals can be detected
energy-efficiently using inexpensive and power-efficient piezo sensors, which
obviates the need to employ complex heartbeat monitors such as
Electrocardiogram or Photoplethysmogram. Indeed, our experiments show that
piezo sensors can measure heartbeat intervals on many different body locations
including chest, wrist, waist, neck and ankle. Unfortunately, we also discover
that the heartbeat interval signal captured by piezo vibration sensors has low
Signal-to-Noise Ratio (SNR) because they are not designed as precision
heartbeat monitors, which becomes the key challenge for H2B. To overcome this
problem, we first apply a quantile function-based quantization method to fully
extract the useful entropy from the noisy piezo measurements. We then propose a
novel Compressive Sensing-based reconciliation method to correct the high bit
mismatch rates between the two independently generated keys caused by low SNR.
We prototype H2B using off-the-shelf piezo sensors and evaluate its performance
on a dataset collected from different body positions of 23 participants. Our
results show that H2B has an overwhelming pairing success rate of 95.6%. We
also analyze and demonstrate H2B's robustness against three types of attacks.
Finally, our power measurements show that H2B is very power-efficient
FastZIP: Faster and More Secure Zero-Interaction Pairing
With the advent of the Internet of Things (IoT), establishing a secure
channel between smart devices becomes crucial. Recent research proposes
zero-interaction pairing (ZIP), which enables pairing without user assistance
by utilizing devices' physical context (e.g., ambient audio) to obtain a shared
secret key. The state-of-the-art ZIP schemes suffer from three limitations: (1)
prolonged pairing time (i.e., minutes or hours), (2) vulnerability to
brute-force offline attacks on a shared key, and (3) susceptibility to attacks
caused by predictable context (e.g., replay attack) because they rely on
limited entropy of physical context to protect a shared key. We address these
limitations, proposing FastZIP, a novel ZIP scheme that significantly reduces
pairing time while preventing offline and predictable context attacks. In
particular, we adapt a recently introduced Fuzzy Password-Authenticated Key
Exchange (fPAKE) protocol and utilize sensor fusion, maximizing their
advantages. We instantiate FastZIP for intra-car device pairing to demonstrate
its feasibility and show how the design of FastZIP can be adapted to other ZIP
use cases. We implement FastZIP and evaluate it by driving four cars for a
total of 800 km. We achieve up to three times shorter pairing time compared to
the state-of-the-art ZIP schemes while assuring robust security with
adversarial error rates below 0.5%.Comment: ACM MobiSys '21 - Code and data at:
https://github.com/seemoo-lab/fastzi
Key Generation for Internet of Things
Key generation is a promising technique to bootstrap secure communications for the Internet of Things devices that have no prior knowledge between each other. In the past few years, a variety of key generation protocols and systems have been proposed. In this survey, we review and categorise recent key generation systems based on a novel taxonomy. Then, we provide both quantitative and qualitative comparisons of existing approaches. We also discuss the security vulnerabilities of key generation schemes and possible countermeasures. Finally, we discuss the current challenges and point out several potential research directions
Key Generation for Internet of Things: A Contemporary Survey
Key generation is a promising technique to bootstrap secure communications for the Internet of Things (IoT) devices that have no prior knowledge between each other. In the past few years, a variety of key generation protocols and systems have been proposed. In this survey, we review and categorise recent key generation systems based on a novel taxonomy. Then, we provide both quantitative and qualitative comparisons of existing approaches. We also discuss the security vulnerabilities of key generation schemes and possible countermeasures. Finally, we discuss the current challenges and point out several potential research directions
Survey and Systematization of Secure Device Pairing
Secure Device Pairing (SDP) schemes have been developed to facilitate secure
communications among smart devices, both personal mobile devices and Internet
of Things (IoT) devices. Comparison and assessment of SDP schemes is
troublesome, because each scheme makes different assumptions about out-of-band
channels and adversary models, and are driven by their particular use-cases. A
conceptual model that facilitates meaningful comparison among SDP schemes is
missing. We provide such a model. In this article, we survey and analyze a wide
range of SDP schemes that are described in the literature, including a number
that have been adopted as standards. A system model and consistent terminology
for SDP schemes are built on the foundation of this survey, which are then used
to classify existing SDP schemes into a taxonomy that, for the first time,
enables their meaningful comparison and analysis.The existing SDP schemes are
analyzed using this model, revealing common systemic security weaknesses among
the surveyed SDP schemes that should become priority areas for future SDP
research, such as improving the integration of privacy requirements into the
design of SDP schemes. Our results allow SDP scheme designers to create schemes
that are more easily comparable with one another, and to assist the prevention
of persisting the weaknesses common to the current generation of SDP schemes.Comment: 34 pages, 5 figures, 3 tables, accepted at IEEE Communications
Surveys & Tutorials 2017 (Volume: PP, Issue: 99
Reliable and Secure Drone-assisted MillimeterWave Communications
The next generation of mobile networks and wireless communication, including the fifth-generation (5G) and beyond, will provide a high data rate as one of its fundamental requirements. Providing high data rates can be accomplished through communication over high-frequency bands such as the Millimeter-Wave(mmWave) one. However, mmWave communication experiences short-range communication, which impacts the overall network connectivity. Improving network connectivity can be accomplished through deploying Unmanned Ariel Vehicles(UAVs), commonly known as drones, which serve as aerial small-cell base stations. Moreover, drone deployment is of special interest in recovering network connectivity in the aftermath of disasters. Despite the potential advantages, drone-assisted networks can be more vulnerable to security attacks, given their limited capabilities. This security vulnerability is especially true in the aftermath of a disaster where security measures could be at their lowest. This thesis focuses on drone-assisted mmWave communication networks with their potential to provide reliable communication in terms of higher network connectivity measures, higher total network data rate, and lower end-to-end delay. Equally important, this thesis focuses on proposing and developing security measures needed for drone-assisted networksâ secure operation. More specifically, we aim to employ a swarm of drones to have more connection, reliability, and secure communication over the mmWave band. Finally, we target both the cellular 5Gnetwork and Ad hoc IEEE802.11ad/ay in typical network deployments as well as in post-disaster circumstances
Perils of Zero-Interaction Security in the Internet of Things
The Internet of Things (IoT) demands authentication systems which can provide both security and usability. Recent research utilizes the rich sensing capabilities of smart devices to build security schemes operating without human interaction, such as zero-interaction pairing (ZIP) and zero-interaction authentication (ZIA). Prior work proposed a number of ZIP and ZIA schemes and reported promising results. However, those schemes were often evaluated under conditions which do not reflect realistic IoT scenarios. In addition, drawing any comparison among the existing schemes is impossible due to the lack of a common public dataset and unavailability of scheme implementations.
In this paper, we address these challenges by conducting the first large-scale comparative study of ZIP and ZIA schemes, carried out under realistic conditions. We collect and release the most comprehensive dataset in the domain to date, containing over 4250 hours of audio recordings and 1 billion sensor readings from three different scenarios, and evaluate five state-of-the-art schemes based on these data. Our study reveals that the effectiveness of the existing proposals is highly dependent on the scenario they are used in. In particular, we show that these schemes are subject to error rates between 0.6% and 52.8%