research-article

Context-Based Zero-Interaction Pairing and Key Evolution for Advanced Personal Devices

Authors:

Markus Miettinen,

Thien Duc Nguyen,

Ahmad-Reza Sadeghi,

Majid SobhaniAuthors Info & Claims

CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

Pages 880 - 891

https://doi.org/10.1145/2660267.2660334

Published: 03 November 2014 Publication History

Abstract

Solutions for pairing devices without prior security associations typically require users to actively take part in the pairing process of the devices. Scenarios involving new types of devices like Internet-of-Things (IoT) appliances and wearable devices make it, however, desirable to be able to pair users' personal devices without user involvement. In this paper, we present a new approach for secure zero-interaction pairing suitable for IoT and wearable devices.

We primarily require pairing to happen between "correct" devices -- the devices that the user intends to pair. Our pairing scheme identifies the correct devices based on measuring sustained co-presence over time. We do this by having the devices compute a fingerprint of their ambient context using information gathered through commonly available sensor modalities like ambient noise and luminosity. We introduce a novel robust and inexpensive approach for fingerprinting contexts over time. Co-present devices will observe roughly similar context fingerprints that we use in a key evolution protocol to gradually increase the confidence in the authenticity of the correct devices. Our experiments show the effectiveness of this approach for zero-interaction pairing.

References

[1]

D. Balfanz, D. K. Smetters, P. Stewart, and H. C. Wong. Talking to strangers: Authentication in ad-hoc wireless networks. In Proc. Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA, Feb. 2002.

[2]

H. Chan, A. Perrig, and D. Song. Random key predistribution schemes for sensor networks. In Proc. 2003 IEEE Symposium on Security and Privacy, pages 197{213, May 2003.

Digital Library

[3]

Y. Dodis, J. Katz, L. Reyzin, and A. Smith. Robust fuzzy extractors and authenticated key agreement from close secrets. In C. Dwork, editor, Advances in Cryptology - CRYPTO 2006, volume 4117 of Lecture Notes in Computer Science, pages 232--250. Springer Berlin Heidelberg, 2006.

Digital Library

[4]

D. Dolev and A. C. Yao. On the security of public key protocols. IEEE Transactions on Information Theory, 29(2):198--208, Mar 1983.

Digital Library

[5]

J.-E. Ekberg. Key establishment in constrained devices. graduate seminar paper in T-110.7290 - Research Seminar on Network Security, Oct. 2006. http://www.tcs.hut.fi/Studies/T-79.7001/2006AUT/seminar-papers/Ekberg-paper-final.pdf.

[6]

L. Eschenauer and V. D. Gligor. A key-management scheme for distributed sensor networks. In Proc. 9th ACM Conference on Computer and Communications Security, CCS'02, pages 41--47, New York, NY, USA, 2002. ACM.

Digital Library

[7]

Gartner. Gartner says by 2017, mobile users will provide personalized data streams to more than 100 apps and services every day, Jan. 2014. http://www.gartner.com/newsroom/id/2654115 {Referenced 2014-04--28}.

[8]

Gartner. Gartner says the internet of things installed base will grow to 26 billion units by 2020, 2014. http://www.gartner.com/newsroom/id/2636073 {Referenced on 2014-04--28}.

[9]

A. Juels and M. Sudan. A fuzzy vault scheme. Designs, Codes and Cryptography, 38(2):237--257, 2006.

Digital Library

[10]

D. Liu, P. Ning, and R. Li. Establishing pairwise keys in distributed sensor networks. ACM Trans. Inf. Syst. Secur., 8(1):41--77, Feb. 2005.

Digital Library

[11]

A. Narayanan, N. Thiagarajan, M. Lakhani, M. Hamburg, and D. Boneh. Location privacy via private proximity testing. In Proc. Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA, Feb. 2011.

[12]

Nest Labs. Nest thermostat and nest smoke and CO alarm, 2014. http://nest.com/ {Referenced on 2014-04--28}.

[13]

Oral-B. ORAL-B R debuts world's first available interactive electric toothbrush at mobile wold congress 2014, 2014. http://connectedtoothbrush.com/ {Referenced 2014-04--28}.

[14]

Quirky. Spotter multipurpose sensor, 2014. https://www.quirky.com/shop/609-spotter-multi-purpose-sensor {Referenced 2014-04--28}.

[15]

I. Reed and G. Solomon. Polynomial codes over certain finite fields. Journal of the Society for Industrial and Applied Mathematics, 8(2):300--304, 1960.

[16]

D. Schürmann and S. Sigg. Secure communication based on ambient audio. IEEE Transactions on Mobile Computing, 12(2):358--370, Feb 2013.

Digital Library

[17]

J. Suomalainen, J. Valkonen, and N. Asokan. Security associations in personal networks: A comparative analysis. In F. Stajano, C. Meadows, S. Capkun, and T. Moore, editors, Security and Privacy in Ad-hoc and Sensor Networks, volume 4572 of Lecture Notes in Computer Science, pages 43--57. Springer Berlin Heidelberg, 2007.

Digital Library

[18]

P. Traynor, R. Kumar, H. Choi, G. Cao, S. Zhu, and T. La Porta. Efficient hybrid security mechanisms for heterogeneous sensor networks. IEEE Transactions on Mobile Computing, 6(6):663--677, June 2007.

Digital Library

[19]

H. T. T. Truong, X. Gao, B. Shrestha, N. Saxena, N. Asokan, and P. Nurmi. Comparing and fusing different sensor modalities for relay attack resistance in zero-interaction authentication. In IEEE Int. Conf. on Pervasive Computing and Communications (PerCom), Budapest, Hungary, Mar. 2014.

[20]

A. Varshavsky, A. Scannell, A. LaMarca, and E. Lara. Amigo: Proximity-based authentication of mobile devices. In J. Krumm, G. Abowd, A. Seneviratne, and T. Strang, editors, UbiComp 2007: Ubiquitous Computing, volume 4717 of Lecture Notes in Computer Science, pages 253--270. Springer Berlin Heidelberg, 2007.

Digital Library

[21]

Vigilant. Vigilant unveils smart IoT innovation for diabetic patients, Feb. 2014. http://vigilant.ch/en/News/Company_News/2014/0221/53.html {Referenced 2014-08--23}.

[22]

T. D. Wu. The secure remote password protocol. In Proc. Network and Distributed Systems Security Symposium (NDSS), pages 97--111, San Diego, CA, USA, Mar. 1998.

Cited By

Xu ZLi JPan YLi MLazos L(2025)Harvesting Physical-Layer Randomness in Millimeter Wave BandsIEEE Transactions on Mobile Computing10.1109/TMC.2024.349987624:3(2285-2300)Online publication date: Mar-2025
https://doi.org/10.1109/TMC.2024.3499876
Gray DMehrnezhad M(2025)PhotonKey: A key pairing system for IoT resource and input constrained devices using light sensorsJournal of Information Security and Applications10.1016/j.jisa.2024.10392689(103926)Online publication date: Mar-2025
https://doi.org/10.1016/j.jisa.2024.103926
Rehman ULee SChua TNgo CKumar RLauw HKa-Wei Lee R(2024)One-shot Pairing and Authentication Using Moms SecretCompanion Proceedings of the ACM Web Conference 202410.1145/3589335.3651542(770-773)Online publication date: 13-May-2024
https://dl.acm.org/doi/10.1145/3589335.3651542
Show More Cited By

Index Terms

Context-Based Zero-Interaction Pairing and Key Evolution for Advanced Personal Devices
1. Security and privacy
  1. Security services
    1. Authentication

Recommendations

Pairing-based non-interactive zero-knowledge proofs
Pairing'10: Proceedings of the 4th international conference on Pairing-based cryptography

A non-interactive zero-knowledge proof permits the construction of a proof of the truth of a statement that reveals nothing else but the fact that the statement is true. Non-interactive zero-knowledge proofs are used in the construction of numerous ...
New constructions in pairing-based cryptography
Certificateless Proxy Re-Encryption Without Pairing: Revisited
SCC '15: Proceedings of the 3rd International Workshop on Security in Cloud Computing

Proxy Re-Encryption was introduced by Blaze, Bleumer and Strauss to efficiently solve the problem of delegation of decryption rights. In proxy re-encryption, a semi-honest proxy transforms a ciphertext intended for Alice to a ciphertext of the same ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

November 2014

1592 pages

ISBN:9781450329576

DOI:10.1145/2660267

General Chair:
Gail-Joon Ahn
Arizona State University, USA
,
Program Chairs:
Moti Yung
Google -- Columbia University, USA
,
Ninghui Li
Purdue University, USA

Copyright © 2014 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 03 November 2014

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS'14

Sponsor:

SIGSAC

CCS'14: 2014 ACM SIGSAC Conference on Computer and Communications Security

November 3 - 7, 2014

Arizona, Scottsdale, USA

Acceptance Rates

CCS '14 Paper Acceptance Rate 114 of 585 submissions, 19%;

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

98
Total Citations
View Citations
1,319
Total Downloads

Downloads (Last 12 months)39
Downloads (Last 6 weeks)2

Reflects downloads up to 28 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Xu ZLi JPan YLi MLazos L(2025)Harvesting Physical-Layer Randomness in Millimeter Wave BandsIEEE Transactions on Mobile Computing10.1109/TMC.2024.349987624:3(2285-2300)Online publication date: Mar-2025
https://doi.org/10.1109/TMC.2024.3499876
Gray DMehrnezhad M(2025)PhotonKey: A key pairing system for IoT resource and input constrained devices using light sensorsJournal of Information Security and Applications10.1016/j.jisa.2024.10392689(103926)Online publication date: Mar-2025
https://doi.org/10.1016/j.jisa.2024.103926
Rehman ULee SChua TNgo CKumar RLauw HKa-Wei Lee R(2024)One-shot Pairing and Authentication Using Moms SecretCompanion Proceedings of the ACM Web Conference 202410.1145/3589335.3651542(770-773)Online publication date: 13-May-2024
https://dl.acm.org/doi/10.1145/3589335.3651542
Yang HLi ZLuo CWei BXu W(2024)InaudibleKey2.0: Deep Learning-Empowered Mobile Device Pairing Protocol Based on Inaudible Acoustic SignalsIEEE/ACM Transactions on Networking10.1109/TNET.2024.340778332:5(4160-4174)Online publication date: Oct-2024
https://doi.org/10.1109/TNET.2024.3407783
Wei BXu WLuo CZhang J(2024)FaceFinger: Embracing Variance for Heartbeat Based Symmetric Key Generation SystemIEEE Transactions on Mobile Computing10.1109/TMC.2024.344026323:12(14218-14232)Online publication date: Dec-2024
https://doi.org/10.1109/TMC.2024.3440263
Wu CZeng Q(2024)Turning Noises to Fingerprint-Free “Credentials”: Secure and Usable Drone AuthenticationIEEE Transactions on Mobile Computing10.1109/TMC.2024.337350323:10(10161-10174)Online publication date: Oct-2024
https://doi.org/10.1109/TMC.2024.3373503
Cao HLiu DJiang HLuo J(2024)MagSign: Harnessing Dynamic Magnetism for User Authentication on IoT DevicesIEEE Transactions on Mobile Computing10.1109/TMC.2022.321685123:1(597-611)Online publication date: Jan-2024
https://doi.org/10.1109/TMC.2022.3216851
Ahlgren IWest JLee KThiruvathukal GKlingensmith N(2024)A Signal Injection Attack Against Zero Involvement Pairing and Authentication for the Internet of Things2024 IEEE Workshop on Design Automation for CPS and IoT (DESTION)10.1109/DESTION62938.2024.00008(9-15)Online publication date: 13-May-2024
https://doi.org/10.1109/DESTION62938.2024.00008
Wang XRao SZhang L(2024)Optimizing secure multimedia communication in embedded systems a parallel convolutional neural network approach to RIS and D2D resource allocationScientific Reports10.1038/s41598-024-73374-z14:1Online publication date: 10-Oct-2024
https://doi.org/10.1038/s41598-024-73374-z
Park SSeo CWang XLee YSeo S(2024)Exclusively in-store: Acoustic location authentication for stationary business devicesJournal of Network and Computer Applications10.1016/j.jnca.2024.104028(104028)Online publication date: Sep-2024
https://doi.org/10.1016/j.jnca.2024.104028
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten