With the advent of the Internet of Things (IoT), establishing a secure channel between smart devices becomes crucial. Recent research proposes zero-interaction pairing (ZIP), which enables pairing without user assistance by utilizing devices' physical context (e.g., ambient audio) to obtain a shared secret key. The state-of-the-art ZIP schemes suffer from three limitations: (1) prolonged pairing time (i.e., minutes or hours), (2) vulnerability to brute-force offline attacks on a shared key, and (3) susceptibility to attacks caused by predictable context (e.g., replay attack) because they rely on limited entropy of physical context to protect a shared key. We address these limitations, proposing FastZIP, a novel ZIP scheme that significantly reduces pairing time while preventing offline and predictable context attacks. In particular, we adapt a recently introduced Fuzzy Password-Authenticated Key Exchange (fPAKE) protocol and utilize sensor fusion, maximizing their advantages. We instantiate FastZIP for intra-car device pairing to demonstrate its feasibility and show how the design of FastZIP can be adapted to other ZIP use cases. We implement FastZIP and evaluate it by driving four cars for a total of 800 km. We achieve up to three times shorter pairing time compared to the state-of-the-art ZIP schemes while assuring robust security with adversarial error rates below 0.5%.
|Title of host publication||MobiSys 2021 - Proceedings of the 19th Annual International Conference on Mobile Systems, Applications, and Services|
|Publisher||Association for Computing Machinery, Inc|
|Number of pages||13|
|Publication status||Published - 2021 Jun 24|
|Event||19th ACM International Conference on Mobile Systems, Applications, and Services, MobiSys 2021 - Virtual, Online, United States|
Duration: 2021 Jun 24 → 2021 Jul 2
|Name||MobiSys 2021 - Proceedings of the 19th Annual International Conference on Mobile Systems, Applications, and Services|
|Conference||19th ACM International Conference on Mobile Systems, Applications, and Services, MobiSys 2021|
|Period||21/6/24 → 21/7/2|
Bibliographical noteFunding Information:
We thank our shepherd and our anonymous reviewers for their insightful comments that helped to improve this paper. We also thank Max Maass and Arne Brüsch for their assistance in conducting this research. This work has been co-funded by the Research Council of Norway as part of the project Parrot (311197) as well as the German Federal Ministry of Education and Research and the Hessian Ministry of Higher Education, Research, Science and the Arts within their joint support of the National Research Center for Applied Cybersecurity ATHENE. Jun Han and Julia Hesse are co-corresponding authors of this work.
© 2021 ACM.
All Science Journal Classification (ASJC) codes
- Computer Networks and Communications
- Computer Science Applications