Abstract
Due to the scalability limitations, the secure device pairing of Internet of Things objects cannot be efficiently conducted based on traditional cryptographic techniques using a pre-shared security knowledge. The use of Out-of-Band (OoB) channels has been proposed as a way to authenticate the key establishment process but they require a relatively long time and an extensive user involvement to transfer the authentication bits. However, the context-based schemes exploit the randomness of the ambient environment to extract a common secret without an extensive user intervention under the requirement of having a secure perimeter during the extraction phase, which is considered as a strong security assumption.
In this paper, we introduce a novel hybrid scheme, called COOB, that efficiently combines a state-of-the-art fast context-based encoder with our Out-of-Band based scheme. This protocol exploits a nonce exponentiation to achieve the temporary secrecy goal needed for the authentication. Our method provides security against an attacker that can violate the secure perimeter requirement, which is not supported by the existing contextual schemes. This security improvement has been formally validated in the symbolic model using the TAMARIN prover. Based on our implementation of the Out-of-Band channel, COOB enhances the usability by reducing the pairing time up to \(39\%\) for an 80-bit OoB exchange while keeping an optimal protocol cost.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
The TAMARIN model of COOB can be found in https://github.com/samehkhalfaoui/COOB-TAMARIN-model/blob/master/COOB_model.spthy.
References
Akter, S., Chakraborty, T., Khan, T.A., Chellappan, S., Al Islam, A.A.: Can you get into the middle of near field communication? In: 2017 IEEE 42nd Conference on Local Computer Networks (LCN), pp. 365–373. IEEE (2017)
Alliance, W.F.: Wi-fi simple configuration technical specification, version 2.0. 5 (2014)
Balfanz, D., Smetters, D.K., Stewart, P., Wong, H.C.: Talking to strangers: Authentication in ad-hoc wireless networks. In: NDSS. Citeseer (2002)
Bluetooth, S.: Bluetooth core specification v5. 0. Bluetooth Special Interest Group: Kirkland, WA, USA (2016)
Brown, D.R.: Recommended elliptic curve domain parameters. Standards Efficient Cryptogr. Group Ver 1 (2010)
Burrows, M., Abadi, M., Needham, R.M.: A logic of authentication. Proc. Royal Soc. London. A. Math. Phys. Sci. 426(1871), 233–271 (1989)
Claycomb, W.R., Shin, D.: Extending formal analysis of mobile device authentication. J. Internet Serv. Inf. Secur. 1(1), 86–102 (2011)
Diffie, W., Hellman, M.: New directions in cryptography. IEEE Trans. Inf. Theor. 22(6), 644–654 (2006). https://doi.org/10.1109/TIT.1976.1055638
Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198–208 (1983)
Fomichev, M., Álvarez, F., Steinmetzer, D., Gardner-Stephen, P., Hollick, M.: Survey and systematization of secure device pairing. IEEE Commun. Surv. Tutorials 20(1), 517–550 (2017)
Fomichev, M., Maass, M., Almon, L., Molina, A., Hollick, M.: Perils of zero-interaction security in the internet of things. Proc. ACM Interactive, Mobile, Wearable and Ubiquitous Technol. 3(1), 10 (2019)
Gehrmann, C., Mitchell, C.J., Nyberg, K.: Manual authentication for wireless devices. RSA Cryptobytes 7(1), 29–37 (2004)
Goodrich, M.T., Sirivianos, M., Solis, J., Tsudik, G., Uzun, E.: Loud and clear: human-verifiable authentication based on audio. In: 26th IEEE International Conference on Distributed Computing Systems (ICDCS 2006), p. 10. IEEE (2006)
Halevi, T., Saxena, N.: Acoustic eavesdropping attacks on constrained wireless device pairing. IEEE Trans. Inf. Foren. Secur. 8(3), 563–577 (2013)
Jin, R., Shi, L., Zeng, K., Pande, A., Mohapatra, P.: Magpairing: Pairing smartphones in close proximity using magnetometers. IEEE Trans. Inf. Foren. Security 11(6), 1306–1320 (2015)
Juels, A., Sudan, M.: A fuzzy vault scheme. Designs, Codes and Cryptography 38(2), 237–257 (2006)
Kainda, R., Flechais, I., Roscoe, A.: Usability and security of out-of-band channels in secure device pairing protocols. In: Proceedings of the 5th Symposium on Usable Privacy and Security, p. 11. ACM (2009)
Karapanos, N., Marforio, C., Soriente, C., Capkun, S.: Sound-proof: usable two-factor authentication based on ambient sound. In: 24th \(\{\)USENIX\(\}\) Security Symposium (\(\{\)USENIX\(\}\) Security 15), pp. 483–498 (2015)
Kfir, Z., Wool, A.: Picking virtual pockets using relay attacks on contactless smartcard. In: First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM 2005), pp. 47–58. IEEE (2005)
Kumar, A., Saxena, N., Tsudik, G., Uzun, E.: A comparative study of secure device pairing methods. Pervasive Mob. Comput. 5(6), 734–749 (2009)
Lee, K., Raghunathan, V., Raghunathan, A., Kim, Y.: Syncvibe: fast and secure device pairing through physical vibration on commodity smartphones. In: 2018 IEEE 36th International Conference on Computer Design (ICCD), pp. 234–241. IEEE (2018)
Lowe, G.: A hierarchy of authentication specifications. In: Proceedings 10th Computer Security Foundations Workshop, pp. 31–43. IEEE (1997)
Mathur, S., Miller, R., Varshavsky, A., Trappe, W., Mandayam, N.: Proximate: proximity-based secure pairing using ambient wireless signals. In: Proceedings of the 9th International Conference on Mobile Systems, Applications, and Services, pp. 211–224 (2011)
Meier, S., Schmidt, B., Cremers, C., Basin, D.: The TAMARIN prover for the symbolic analysis of security protocols. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 696–701. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39799-8_48
Mirzadeh, S., Cruickshank, H., Tafazolli, R.: Secure device pairing: a survey. IEEE Commun. Surv. Tutorials 16(1), 17–40 (2013)
Saxena, N., Ekberg, J.E., Kostiainen, K., Asokan, N.: Secure device pairing based on a visual channel. In: 2006 IEEE Symposium on Security and Privacy (S&P’06), pp. 6-pp. IEEE (2006)
Saxena, N., Uddin, M.B., Voris, J., Asokan, N.: Vibrate-to-unlock: Mobile phone assisted user authentication to multiple personal RFID tags. In: 2011 IEEE International Conference on Pervasive Computing and Communications (PerCom), pp. 181–188. IEEE (2011)
Scannell, A., Varshavsky, A., LaMarca, A., De Lara, E.: Proximity-based authentication of mobile devices. Int. J. Secur. Networks 4(1–2), 4–16 (2009)
Schürmann, D., Sigg, S.: Secure communication based on ambient audio. IEEE Trans. Mob. Comput. 12(2), 358–370 (2011)
Sen, J.: Security in wireless sensor networks. Wireless Sensor Netw. Current Status and Future Trends 407, 408 (2012)
Shrestha, B., Saxena, N., Truong, H.T.T., Asokan, N.: Sensor-based proximity detection in the face of active adversaries. IEEE Trans. Mob. Comput. 18(2), 444–457 (2018)
Soriente, C., Tsudik, G., Uzun, E.: HAPADEP: human-assisted pure audio device pairing. In: Wu, T.-C., Lei, C.-L., Rijmen, V., Lee, D.-T. (eds.) ISC 2008. LNCS, vol. 5222, pp. 385–400. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85886-7_27
Xi, W., Li, X.Y., Qian, C., Han, J., Tang, S., Zhao, J., Zhao, K.: Keep: fast secret key extraction protocol for d2d communication. In: 2014 IEEE 22nd International Symposium of Quality of Service (IWQoS), pp. 350–359. IEEE (2014)
Xi, W., et al.: Instant and robust authentication and key agreement among mobile devices. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 616–627. ACM (2016)
Zafer, M., Agrawal, D., Srivatsa, M.: Limitations of generating a secret key using wireless fading under active adversary. IEEE/ACM Trans. Networking 20(5), 1440–1451 (2012)
Zhang, B., Ren, K., Xing, G., Fu, X., Wang, C.: Sbvlc: Secure barcode-based visible light communication for smartphones. IEEE Trans. Mob. Comput. 15(2), 432–446 (2015)
Acknowledgement
This work was supported by the SEIDO lab (The joint research laboratory for Security and Internet of Things between EDF R&D and Télécom Paris.). The authors would like to thank Dr. Ivan GAZEAU for his support in the formal verification of the protocol.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Khalfaoui, S., Leneutre, J., Villard, A., Ma, J., Urien, P. (2020). COOB: Hybrid Secure Device Pairing Scheme in a Hostile Environment. In: Park, N., Sun, K., Foresti, S., Butler, K., Saxena, N. (eds) Security and Privacy in Communication Networks. SecureComm 2020. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 336. Springer, Cham. https://doi.org/10.1007/978-3-030-63095-9_27
Download citation
DOI: https://doi.org/10.1007/978-3-030-63095-9_27
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-63094-2
Online ISBN: 978-3-030-63095-9
eBook Packages: Computer ScienceComputer Science (R0)