Abstract

Many IoT devices lack the necessary interfaces (keyboards, screens) for entering passwords or changing default ones. For these devices, bootstrapping trust can be challenging. We address the problem of device pairing in the absence of any shared secrets. Pairing is a two-phase process that requires mutual authentication between the two parties and the agreement to a common key that can be used to further bootstrap essential cryptographic mechanisms. We propose a secret-free and in-band trust establishment protocol that achieves the secure pairing of commercial off-the-shelf (COTS) wireless devices with a hub. As compared to the state-of-the-art, our protocol does not require any hardware/firmware modification to the devices, or any out-of-band channels, but can be applied to any COTS device. Furthermore, our protocol is resistant to active signal manipulations attacks that include recently demonstrated signal nullification at an intended receiver. These security properties are achieved in-band with the assistance of a helper device such as a smartphone and by exploiting hard-to-forge signal propagation laws. We perform extensive theoretical analysis to verify the security of the proposed protocol. In addition, we validate our theoretical results with experiments using COTS devices and USRP radios.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.