TY - JOUR
T1 - Easy Peasy
T2 - A New Handy Method for Pairing Multiple COTS IoT Devices
AU - Ye, Heng
AU - Zeng, Qiang
AU - Liu, Jiqiang
AU - Du, Xiaojiang
AU - Wang, Wei
N1 - Publisher Copyright:
© 2004-2012 IEEE.
PY - 2023/7/1
Y1 - 2023/7/1
N2 - Context-based paring is a promising direction for pairing IoT devices constrained in user interfaces (UIs). However, it takes a proximate distance or a long time for IoT devices to sense highly correlated context with enough entropy. In this work, we present a fast and secure approach, named MPairing, to pairing multiple commercial off-the-shelf (COTS) IoT devices. This approach is based on the key idea that devices co-located within a physically-secure boundary can perceive qualified context under the help of human-in-the-loop (HITL). Specifically, we leverage received-signal-strength (RSS) trajectory data with manually-generated interference in a short period as the shared secret to achieve fast and secure pairing. Subsequently, the real-time RSS trajectory data is utilized to generate random numbers in lieu of pre-shared key (PSK), which makes our scheme more resistant to background attacks. We theoretically prove the security of our pairing scheme and implement it in real-world environments. Our experimental results demonstrate that our scheme can effectively defend against malicious devices by imposing a threshold on the similarity of RSS trajectory data. The experimental results also show that, compared with the traditional context-based pairing that takes up to 24 hours, in our scheme it takes only 10 seconds on average for a legitimate device to pass the similarity checking, which is efficient and robust.
AB - Context-based paring is a promising direction for pairing IoT devices constrained in user interfaces (UIs). However, it takes a proximate distance or a long time for IoT devices to sense highly correlated context with enough entropy. In this work, we present a fast and secure approach, named MPairing, to pairing multiple commercial off-the-shelf (COTS) IoT devices. This approach is based on the key idea that devices co-located within a physically-secure boundary can perceive qualified context under the help of human-in-the-loop (HITL). Specifically, we leverage received-signal-strength (RSS) trajectory data with manually-generated interference in a short period as the shared secret to achieve fast and secure pairing. Subsequently, the real-time RSS trajectory data is utilized to generate random numbers in lieu of pre-shared key (PSK), which makes our scheme more resistant to background attacks. We theoretically prove the security of our pairing scheme and implement it in real-world environments. Our experimental results demonstrate that our scheme can effectively defend against malicious devices by imposing a threshold on the similarity of RSS trajectory data. The experimental results also show that, compared with the traditional context-based pairing that takes up to 24 hours, in our scheme it takes only 10 seconds on average for a legitimate device to pass the similarity checking, which is efficient and robust.
KW - IoT pairing
KW - human-in-the-loop
KW - multiple devices
UR - http://www.scopus.com/inward/record.url?scp=85136902365&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85136902365&partnerID=8YFLogxK
U2 - 10.1109/TDSC.2022.3199383
DO - 10.1109/TDSC.2022.3199383
M3 - Article
AN - SCOPUS:85136902365
SN - 1545-5971
VL - 20
SP - 3483
EP - 3494
JO - IEEE Transactions on Dependable and Secure Computing
JF - IEEE Transactions on Dependable and Secure Computing
IS - 4
ER -