3 research outputs found
Zero-Interaction Security-Towards Sound Experimental Validation
Reproducibility and realistic datasets are crucial for advancing research. Unfortunately, they are often neglected as valid scientific contributions in many young disciplines, with computer science being no exception. In this article, we show the challenges encountered when reproducing the work of others, collecting realistic data in the wild, and ensuring that our own work is reproducible in turn. The presented findings are based on our study investigating the limits of zero-interaction security (ZIS)- a novel concept, leveraging sensor data collected by Internet of Things (IoT) devices to pair or authenticate devices. In particular, we share our experiences in reproducing five state-of-the-art ZIS schemes, collecting a comprehensive dataset of sensor data from the real world, evaluating these schemes on the collected data, and releasing the data, code, and documentation to facilitate reproducibility of our results
FastZIP: Faster and More Secure Zero-Interaction Pairing
With the advent of the Internet of Things (IoT), establishing a secure
channel between smart devices becomes crucial. Recent research proposes
zero-interaction pairing (ZIP), which enables pairing without user assistance
by utilizing devices' physical context (e.g., ambient audio) to obtain a shared
secret key. The state-of-the-art ZIP schemes suffer from three limitations: (1)
prolonged pairing time (i.e., minutes or hours), (2) vulnerability to
brute-force offline attacks on a shared key, and (3) susceptibility to attacks
caused by predictable context (e.g., replay attack) because they rely on
limited entropy of physical context to protect a shared key. We address these
limitations, proposing FastZIP, a novel ZIP scheme that significantly reduces
pairing time while preventing offline and predictable context attacks. In
particular, we adapt a recently introduced Fuzzy Password-Authenticated Key
Exchange (fPAKE) protocol and utilize sensor fusion, maximizing their
advantages. We instantiate FastZIP for intra-car device pairing to demonstrate
its feasibility and show how the design of FastZIP can be adapted to other ZIP
use cases. We implement FastZIP and evaluate it by driving four cars for a
total of 800 km. We achieve up to three times shorter pairing time compared to
the state-of-the-art ZIP schemes while assuring robust security with
adversarial error rates below 0.5%.Comment: ACM MobiSys '21 - Code and data at:
https://github.com/seemoo-lab/fastzi
Zero-Interaction Security - Towards Sound Experimental Validation
Reproducibility and realistic datasets are crucial for advancing research. Unfortunately, they are often neglected as valid scientific contributions in many young disciplines, with computer science being no exception. In this article, we show the challenges encountered when reproducing the work of others, collecting realistic data in the wild, and ensuring that our own work is reproducible in turn. The presented findings are based on our study investigating the limits of zero-interaction security (ZIS)- a novel concept, leveraging sensor data collected by Internet of Things (IoT) devices to pair or authenticate devices. In particular, we share our experiences in reproducing five state-of-the-art ZIS schemes, collecting a comprehensive dataset of sensor data from the real world, evaluating these schemes on the collected data, and releasing the data, code, and documentation to facilitate reproducibility of our results