Easy Peasy: A New Handy Method for Pairing Multiple COTS IoT Devices

Context-based paring is a promising direction for pairing IoT devices constrained in user interfaces (UIs). However, it takes a proximate distance or a long time for IoT devices to sense highly correlated context with enough entropy. In this work, we present a fast and secure approach, named MPairing, to pairing multiple commercial off-the-shelf (COTS) IoT devices. This approach is based on the key idea that devices co-located within a physically-secure boundary can perceive qualified context under the help of human-in-the-loop (HITL). Specifically, we leverage received-signal-strength (RSS) trajectory data with manually-generated interference in a short period as the shared secret to achieve fast and secure pairing. Subsequently, the real-time RSS trajectory data is utilized to generate random numbers in lieu of pre-shared key (PSK), which makes our scheme more resistant to background attacks. We theoretically prove the security of our pairing scheme and implement it in real-world environments. Our experimental results demonstrate that our scheme can effectively defend against malicious devices by imposing a threshold on the similarity of RSS trajectory data. The experimental results also show that, compared with the traditional context-based pairing that takes up to 24 hours, in our scheme it takes only 10 seconds on average for a legitimate device to pass the similarity checking, which is efficient and robust.