Context-based pairing solutions increase the usability of IoT device pairing by eliminating any human involvement in the pairing process. This is possible by utilizing on-board sensors (with same sensing modalities) to capture a common physical context (e.g., ambient sound via each device's microphone). However, in a smart home scenario, it is impractical to assume that all devices will share a common sensing modality. For example, a motion detector is only equipped with an infrared sensor while Amazon Echo only has microphones. In this paper, we develop a new context-based pairing mechanism called Perceptio that uses time as the common factor across differing sensor types. By focusing on the event timing, rather than the specific event sensor data, Perceptio creates event fingerprints that can be matched across a variety of IoT devices. We propose Perceptio based on the idea that devices co-located within a physically secure boundary (e.g., single family house) can observe more events in common over time, as opposed to devices outside. Devices make use of the observed contextual information to provide entropy for Perceptio's pairing protocol. We design and implement Perceptio, and evaluate its effectiveness as an autonomous secure pairing solution. Our implementation demonstrates the ability to sufficiently distinguish between legitimate devices (placed within the boundary) and attacker devices (placed outside) by imposing a threshold on fingerprint similarity. Perceptio demonstrates an average fingerprint similarity of 94.9% between legitimate devices while even a hypothetical impossibly well-performing attacker yields only 68.9% between itself and a valid device.
|Title of host publication||Proceedings - 2018 IEEE Symposium on Security and Privacy, SP 2018|
|Publisher||Institute of Electrical and Electronics Engineers Inc.|
|Number of pages||17|
|Publication status||Published - 2018 Jul 23|
|Event||39th IEEE Symposium on Security and Privacy, SP 2018 - San Francisco, United States|
Duration: 2018 May 21 → 2018 May 23
|Name||Proceedings - IEEE Symposium on Security and Privacy|
|Conference||39th IEEE Symposium on Security and Privacy, SP 2018|
|Period||18/5/21 → 18/5/23|
Bibliographical noteFunding Information:
XI. ACKNOWLEDGEMENTS This research was supported in part by the National Science Foundation (under grants CNS-1645759 and CMMI-1653550), University TransportationCenter, Intel and Google. The views and conclusions contained here are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either express or implied, of CMU, NSF, or the U.S. Government or any of its agencies.
This research was supported in part by the National Science Foundation (under grants CNS-1645759 and CMMI-1653550), University Transportation Center, Intel and Google. The views and conclusions contained here are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either express or implied, of CMU, NSF, or the U.S. Government or any of its agencies.
© 2018 IEEE.
All Science Journal Classification (ASJC) codes
- Safety, Risk, Reliability and Quality
- Computer Networks and Communications