Skip to main content

COOB: Hybrid Secure Device Pairing Scheme in a Hostile Environment

  • Conference paper
  • First Online:
Security and Privacy in Communication Networks (SecureComm 2020)

Abstract

Due to the scalability limitations, the secure device pairing of Internet of Things objects cannot be efficiently conducted based on traditional cryptographic techniques using a pre-shared security knowledge. The use of Out-of-Band (OoB) channels has been proposed as a way to authenticate the key establishment process but they require a relatively long time and an extensive user involvement to transfer the authentication bits. However, the context-based schemes exploit the randomness of the ambient environment to extract a common secret without an extensive user intervention under the requirement of having a secure perimeter during the extraction phase, which is considered as a strong security assumption.

In this paper, we introduce a novel hybrid scheme, called COOB, that efficiently combines a state-of-the-art fast context-based encoder with our Out-of-Band based scheme. This protocol exploits a nonce exponentiation to achieve the temporary secrecy goal needed for the authentication. Our method provides security against an attacker that can violate the secure perimeter requirement, which is not supported by the existing contextual schemes. This security improvement has been formally validated in the symbolic model using the TAMARIN prover. Based on our implementation of the Out-of-Band channel, COOB enhances the usability by reducing the pairing time up to \(39\%\) for an 80-bit OoB exchange while keeping an optimal protocol cost.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    The TAMARIN model of COOB can be found in https://github.com/samehkhalfaoui/COOB-TAMARIN-model/blob/master/COOB_model.spthy.

References

  1. Akter, S., Chakraborty, T., Khan, T.A., Chellappan, S., Al Islam, A.A.: Can you get into the middle of near field communication? In: 2017 IEEE 42nd Conference on Local Computer Networks (LCN), pp. 365–373. IEEE (2017)

    Google Scholar 

  2. Alliance, W.F.: Wi-fi simple configuration technical specification, version 2.0. 5 (2014)

    Google Scholar 

  3. Balfanz, D., Smetters, D.K., Stewart, P., Wong, H.C.: Talking to strangers: Authentication in ad-hoc wireless networks. In: NDSS. Citeseer (2002)

    Google Scholar 

  4. Bluetooth, S.: Bluetooth core specification v5. 0. Bluetooth Special Interest Group: Kirkland, WA, USA (2016)

    Google Scholar 

  5. Brown, D.R.: Recommended elliptic curve domain parameters. Standards Efficient Cryptogr. Group Ver 1 (2010)

    Google Scholar 

  6. Burrows, M., Abadi, M., Needham, R.M.: A logic of authentication. Proc. Royal Soc. London. A. Math. Phys. Sci. 426(1871), 233–271 (1989)

    Google Scholar 

  7. Claycomb, W.R., Shin, D.: Extending formal analysis of mobile device authentication. J. Internet Serv. Inf. Secur. 1(1), 86–102 (2011)

    Google Scholar 

  8. Diffie, W., Hellman, M.: New directions in cryptography. IEEE Trans. Inf. Theor. 22(6), 644–654 (2006). https://doi.org/10.1109/TIT.1976.1055638

  9. Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198–208 (1983)

    Article  MathSciNet  Google Scholar 

  10. Fomichev, M., Álvarez, F., Steinmetzer, D., Gardner-Stephen, P., Hollick, M.: Survey and systematization of secure device pairing. IEEE Commun. Surv. Tutorials 20(1), 517–550 (2017)

    Article  Google Scholar 

  11. Fomichev, M., Maass, M., Almon, L., Molina, A., Hollick, M.: Perils of zero-interaction security in the internet of things. Proc. ACM Interactive, Mobile, Wearable and Ubiquitous Technol. 3(1), 10 (2019)

    Google Scholar 

  12. Gehrmann, C., Mitchell, C.J., Nyberg, K.: Manual authentication for wireless devices. RSA Cryptobytes 7(1), 29–37 (2004)

    Google Scholar 

  13. Goodrich, M.T., Sirivianos, M., Solis, J., Tsudik, G., Uzun, E.: Loud and clear: human-verifiable authentication based on audio. In: 26th IEEE International Conference on Distributed Computing Systems (ICDCS 2006), p. 10. IEEE (2006)

    Google Scholar 

  14. Halevi, T., Saxena, N.: Acoustic eavesdropping attacks on constrained wireless device pairing. IEEE Trans. Inf. Foren. Secur. 8(3), 563–577 (2013)

    Article  Google Scholar 

  15. Jin, R., Shi, L., Zeng, K., Pande, A., Mohapatra, P.: Magpairing: Pairing smartphones in close proximity using magnetometers. IEEE Trans. Inf. Foren. Security 11(6), 1306–1320 (2015)

    Article  Google Scholar 

  16. Juels, A., Sudan, M.: A fuzzy vault scheme. Designs, Codes and Cryptography 38(2), 237–257 (2006)

    Article  MathSciNet  Google Scholar 

  17. Kainda, R., Flechais, I., Roscoe, A.: Usability and security of out-of-band channels in secure device pairing protocols. In: Proceedings of the 5th Symposium on Usable Privacy and Security, p. 11. ACM (2009)

    Google Scholar 

  18. Karapanos, N., Marforio, C., Soriente, C., Capkun, S.: Sound-proof: usable two-factor authentication based on ambient sound. In: 24th \(\{\)USENIX\(\}\) Security Symposium (\(\{\)USENIX\(\}\) Security 15), pp. 483–498 (2015)

    Google Scholar 

  19. Kfir, Z., Wool, A.: Picking virtual pockets using relay attacks on contactless smartcard. In: First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM 2005), pp. 47–58. IEEE (2005)

    Google Scholar 

  20. Kumar, A., Saxena, N., Tsudik, G., Uzun, E.: A comparative study of secure device pairing methods. Pervasive Mob. Comput. 5(6), 734–749 (2009)

    Article  Google Scholar 

  21. Lee, K., Raghunathan, V., Raghunathan, A., Kim, Y.: Syncvibe: fast and secure device pairing through physical vibration on commodity smartphones. In: 2018 IEEE 36th International Conference on Computer Design (ICCD), pp. 234–241. IEEE (2018)

    Google Scholar 

  22. Lowe, G.: A hierarchy of authentication specifications. In: Proceedings 10th Computer Security Foundations Workshop, pp. 31–43. IEEE (1997)

    Google Scholar 

  23. Mathur, S., Miller, R., Varshavsky, A., Trappe, W., Mandayam, N.: Proximate: proximity-based secure pairing using ambient wireless signals. In: Proceedings of the 9th International Conference on Mobile Systems, Applications, and Services, pp. 211–224 (2011)

    Google Scholar 

  24. Meier, S., Schmidt, B., Cremers, C., Basin, D.: The TAMARIN prover for the symbolic analysis of security protocols. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 696–701. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39799-8_48

    Chapter  Google Scholar 

  25. Mirzadeh, S., Cruickshank, H., Tafazolli, R.: Secure device pairing: a survey. IEEE Commun. Surv. Tutorials 16(1), 17–40 (2013)

    Article  Google Scholar 

  26. Saxena, N., Ekberg, J.E., Kostiainen, K., Asokan, N.: Secure device pairing based on a visual channel. In: 2006 IEEE Symposium on Security and Privacy (S&P’06), pp. 6-pp. IEEE (2006)

    Google Scholar 

  27. Saxena, N., Uddin, M.B., Voris, J., Asokan, N.: Vibrate-to-unlock: Mobile phone assisted user authentication to multiple personal RFID tags. In: 2011 IEEE International Conference on Pervasive Computing and Communications (PerCom), pp. 181–188. IEEE (2011)

    Google Scholar 

  28. Scannell, A., Varshavsky, A., LaMarca, A., De Lara, E.: Proximity-based authentication of mobile devices. Int. J. Secur. Networks 4(1–2), 4–16 (2009)

    Article  Google Scholar 

  29. Schürmann, D., Sigg, S.: Secure communication based on ambient audio. IEEE Trans. Mob. Comput. 12(2), 358–370 (2011)

    Article  Google Scholar 

  30. Sen, J.: Security in wireless sensor networks. Wireless Sensor Netw. Current Status and Future Trends 407, 408 (2012)

    Google Scholar 

  31. Shrestha, B., Saxena, N., Truong, H.T.T., Asokan, N.: Sensor-based proximity detection in the face of active adversaries. IEEE Trans. Mob. Comput. 18(2), 444–457 (2018)

    Article  Google Scholar 

  32. Soriente, C., Tsudik, G., Uzun, E.: HAPADEP: human-assisted pure audio device pairing. In: Wu, T.-C., Lei, C.-L., Rijmen, V., Lee, D.-T. (eds.) ISC 2008. LNCS, vol. 5222, pp. 385–400. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85886-7_27

    Chapter  Google Scholar 

  33. Xi, W., Li, X.Y., Qian, C., Han, J., Tang, S., Zhao, J., Zhao, K.: Keep: fast secret key extraction protocol for d2d communication. In: 2014 IEEE 22nd International Symposium of Quality of Service (IWQoS), pp. 350–359. IEEE (2014)

    Google Scholar 

  34. Xi, W., et al.: Instant and robust authentication and key agreement among mobile devices. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 616–627. ACM (2016)

    Google Scholar 

  35. Zafer, M., Agrawal, D., Srivatsa, M.: Limitations of generating a secret key using wireless fading under active adversary. IEEE/ACM Trans. Networking 20(5), 1440–1451 (2012)

    Article  Google Scholar 

  36. Zhang, B., Ren, K., Xing, G., Fu, X., Wang, C.: Sbvlc: Secure barcode-based visible light communication for smartphones. IEEE Trans. Mob. Comput. 15(2), 432–446 (2015)

    Article  Google Scholar 

Download references

Acknowledgement

This work was supported by the SEIDO lab (The joint research laboratory for Security and Internet of Things between EDF R&D and Télécom Paris.). The authors would like to thank Dr. Ivan GAZEAU for his support in the formal verification of the protocol.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Sameh Khalfaoui .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2020 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Khalfaoui, S., Leneutre, J., Villard, A., Ma, J., Urien, P. (2020). COOB: Hybrid Secure Device Pairing Scheme in a Hostile Environment. In: Park, N., Sun, K., Foresti, S., Butler, K., Saxena, N. (eds) Security and Privacy in Communication Networks. SecureComm 2020. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 336. Springer, Cham. https://doi.org/10.1007/978-3-030-63095-9_27

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-63095-9_27

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-63094-2

  • Online ISBN: 978-3-030-63095-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics