H2B: Heartbeat-based Secret Key Generation Using Piezo Vibration Sensors

We present Heartbeats-2-Bits (H2B), which is a system for securely pairing wearable devices by generating a shared secret key from the skin vibrations caused by heartbeat. This work is motivated by potential power saving opportunity arising from the fact that heartbeat intervals can be detected energy-efficiently using inexpensive and power-efficient piezo sensors, which obviates the need to employ complex heartbeat monitors such as Electrocardiogram or Photoplethysmogram. Indeed, our experiments show that piezo sensors can measure heartbeat intervals on many different body locations including chest, wrist, waist, neck and ankle. Unfortunately, we also discover that the heartbeat interval signal captured by piezo vibration sensors has low Signal-to-Noise Ratio (SNR) because they are not designed as precision heartbeat monitors, which becomes the key challenge for H2B. To overcome this problem, we first apply a quantile function-based quantization method to fully extract the useful entropy from the noisy piezo measurements. We then propose a novel Compressive Sensing-based reconciliation method to correct the high bit mismatch rates between the two independently generated keys caused by low SNR. We prototype H2B using off-the-shelf piezo sensors and evaluate its performance on a dataset collected from different body positions of 23 participants. Our results show that H2B has an overwhelming pairing success rate of 95.6%. We also analyze and demonstrate H2B's robustness against three types of attacks. Finally, our power measurements show that H2B is very power-efficient

FastZIP: Faster and More Secure Zero-Interaction Pairing

With the advent of the Internet of Things (IoT), establishing a secure channel between smart devices becomes crucial. Recent research proposes zero-interaction pairing (ZIP), which enables pairing without user assistance by utilizing devices' physical context (e.g., ambient audio) to obtain a shared secret key. The state-of-the-art ZIP schemes suffer from three limitations: (1) prolonged pairing time (i.e., minutes or hours), (2) vulnerability to brute-force offline attacks on a shared key, and (3) susceptibility to attacks caused by predictable context (e.g., replay attack) because they rely on limited entropy of physical context to protect a shared key. We address these limitations, proposing FastZIP, a novel ZIP scheme that significantly reduces pairing time while preventing offline and predictable context attacks. In particular, we adapt a recently introduced Fuzzy Password-Authenticated Key Exchange (fPAKE) protocol and utilize sensor fusion, maximizing their advantages. We instantiate FastZIP for intra-car device pairing to demonstrate its feasibility and show how the design of FastZIP can be adapted to other ZIP use cases. We implement FastZIP and evaluate it by driving four cars for a total of 800 km. We achieve up to three times shorter pairing time compared to the state-of-the-art ZIP schemes while assuring robust security with adversarial error rates below 0.5%.Comment: ACM MobiSys '21 - Code and data at: https://github.com/seemoo-lab/fastzi

Key Generation for Internet of Things

Key generation is a promising technique to bootstrap secure communications for the Internet of Things devices that have no prior knowledge between each other. In the past few years, a variety of key generation protocols and systems have been proposed. In this survey, we review and categorise recent key generation systems based on a novel taxonomy. Then, we provide both quantitative and qualitative comparisons of existing approaches. We also discuss the security vulnerabilities of key generation schemes and possible countermeasures. Finally, we discuss the current challenges and point out several potential research directions

Key Generation for Internet of Things: A Contemporary Survey

Key generation is a promising technique to bootstrap secure communications for the Internet of Things (IoT) devices that have no prior knowledge between each other. In the past few years, a variety of key generation protocols and systems have been proposed. In this survey, we review and categorise recent key generation systems based on a novel taxonomy. Then, we provide both quantitative and qualitative comparisons of existing approaches. We also discuss the security vulnerabilities of key generation schemes and possible countermeasures. Finally, we discuss the current challenges and point out several potential research directions

Survey and Systematization of Secure Device Pairing

Secure Device Pairing (SDP) schemes have been developed to facilitate secure communications among smart devices, both personal mobile devices and Internet of Things (IoT) devices. Comparison and assessment of SDP schemes is troublesome, because each scheme makes different assumptions about out-of-band channels and adversary models, and are driven by their particular use-cases. A conceptual model that facilitates meaningful comparison among SDP schemes is missing. We provide such a model. In this article, we survey and analyze a wide range of SDP schemes that are described in the literature, including a number that have been adopted as standards. A system model and consistent terminology for SDP schemes are built on the foundation of this survey, which are then used to classify existing SDP schemes into a taxonomy that, for the first time, enables their meaningful comparison and analysis.The existing SDP schemes are analyzed using this model, revealing common systemic security weaknesses among the surveyed SDP schemes that should become priority areas for future SDP research, such as improving the integration of privacy requirements into the design of SDP schemes. Our results allow SDP scheme designers to create schemes that are more easily comparable with one another, and to assist the prevention of persisting the weaknesses common to the current generation of SDP schemes.Comment: 34 pages, 5 figures, 3 tables, accepted at IEEE Communications Surveys & Tutorials 2017 (Volume: PP, Issue: 99

Reliable and Secure Drone-assisted MillimeterWave Communications

The next generation of mobile networks and wireless communication, including the fifth-generation (5G) and beyond, will provide a high data rate as one of its fundamental requirements. Providing high data rates can be accomplished through communication over high-frequency bands such as the Millimeter-Wave(mmWave) one. However, mmWave communication experiences short-range communication, which impacts the overall network connectivity. Improving network connectivity can be accomplished through deploying Unmanned Ariel Vehicles(UAVs), commonly known as drones, which serve as aerial small-cell base stations. Moreover, drone deployment is of special interest in recovering network connectivity in the aftermath of disasters. Despite the potential advantages, drone-assisted networks can be more vulnerable to security attacks, given their limited capabilities. This security vulnerability is especially true in the aftermath of a disaster where security measures could be at their lowest. This thesis focuses on drone-assisted mmWave communication networks with their potential to provide reliable communication in terms of higher network connectivity measures, higher total network data rate, and lower end-to-end delay. Equally important, this thesis focuses on proposing and developing security measures needed for drone-assisted networks’ secure operation. More specifically, we aim to employ a swarm of drones to have more connection, reliability, and secure communication over the mmWave band. Finally, we target both the cellular 5Gnetwork and Ad hoc IEEE802.11ad/ay in typical network deployments as well as in post-disaster circumstances

Perils of Zero-Interaction Security in the Internet of Things

The Internet of Things (IoT) demands authentication systems which can provide both security and usability. Recent research utilizes the rich sensing capabilities of smart devices to build security schemes operating without human interaction, such as zero-interaction pairing (ZIP) and zero-interaction authentication (ZIA). Prior work proposed a number of ZIP and ZIA schemes and reported promising results. However, those schemes were often evaluated under conditions which do not reflect realistic IoT scenarios. In addition, drawing any comparison among the existing schemes is impossible due to the lack of a common public dataset and unavailability of scheme implementations. In this paper, we address these challenges by conducting the first large-scale comparative study of ZIP and ZIA schemes, carried out under realistic conditions. We collect and release the most comprehensive dataset in the domain to date, containing over 4250 hours of audio recordings and 1 billion sensor readings from three different scenarios, and evaluate five state-of-the-art schemes based on these data. Our study reveals that the effectiveness of the existing proposals is highly dependent on the scenario they are used in. In particular, we show that these schemes are subject to error rates between 0.6% and 52.8%