Perils of Zero-Interaction Security in the Internet of Things

@article{Fomichev2019PerilsOZ,
  title={Perils of Zero-Interaction Security in the Internet of Things},
  author={Mikhail Fomichev and Max Maass and Lars Almon and Alejandro Molina and Matthias Hollick},
  journal={Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies},
  year={2019},
  volume={3},
  pages={1--38}
}
The Internet of Things (IoT) demands authentication systems which can provide both security and usability. Recent research utilizes the rich sensing capabilities of smart devices to build security schemes operating without human interaction, such as zero-interaction pairing (ZIP) and zero-interaction authentication (ZIA). Prior work proposed a number of ZIP and ZIA schemes and reported promising results. However, those schemes were often evaluated under conditions which do not reflect realistic… 
A Novel Simplified Framework to Secure IoT Communications
TLDR
The zero-trust (ZT) model described in this paper addresses confidentiality, integrity, and authentication triad of cybersecurity while ensuring that the interactions with these devices are seamless.
FastZIP: faster and more secure zero-interaction pairing
TLDR
This work proposes FastZIP, a novel ZIP scheme that significantly reduces pairing time while preventing offline and predictable context attacks, and adapts a recently introduced Fuzzy Password-Authenticated Key Exchange protocol and utilizes sensor fusion, maximizing their advantages.
ZERO-INTERACTION SECURITY-TOWARDS SOUND EXPERIMENTAL VALIDATION
TLDR
The challenges encountered when reproducing the work of others, collecting realistic data in the wild, and ensuring that the authors' own work is reproducible in turn are shown, investigating the limits of zero-interaction security (ZIS).
Next2You: Robust Copresence Detection Based on Channel State Information
TLDR
This work proposes Next2You, a novel copresence detection scheme utilizing channel state information (CSI), which leverages magnitude and phase values from a range of subcarriers specifying a Wi-Fi channel to capture a robust wireless context created when devices communicate.
AEROKEY: Using Ambient Electromagnetic Radiation for Secure and Usable Wireless Device Authentication
TLDR
This work presents a novel over-the-air device authentication scheme named AeroKey that achieves both high security and high usability and proposes and implements essential techniques to overcome challenges in realizing AeroKey on low-cost microcontroller units, such as poor time synchronization, lack of precision analog front-end, and inconsistent sampling rates.
Short-Range Audio Channels Security: Survey of Mechanisms, Applications, and Research Challenges
TLDR
This paper surveys and classifies methods, applications, and use-cases rooted in short-range audio channels for the provisioning of security services, including Two-Factor Authentication techniques, pairing solutions, device authorization strategies, defense methodologies, and attack schemes, and points out the strengths and weaknesses deriving from the use of short-range audio channels.
Moonshine: An Online Randomness Distiller for Zero-Involvement Authentication
TLDR
This work explores the information-theoretic capacity of context-based authentication mechanisms to generate random bit strings from environmental noise sources with known properties, and presents an efficient algorithm to improve the quality of keys generated by context-based methods.
SAFER: Development and Evaluation of an IoT Device Risk Assessment Framework in a Multinational Organization
Users of Internet of Things (IoT) devices are often unaware of their security risks and cannot sufficiently factor security considerations into their device selection. This puts networks,
Read Between the Lines: An Empirical Measurement of Sensitive Applications of Voice Personal Assistant Systems
TLDR
An empirical analysis of the third-party applications of Amazon Alexa and Google Home to systematically assess the attack surfaces is performed and a natural language processing tool is developed that classifies a given voice command from two dimensions: whether the voice command is designed to insert action or retrieve information and whether the command is sensitive or nonsensitive.

References

SHOWING 1-10 OF 40 REFERENCES
Comparing and fusing different sensor modalities for relay attack resistance in Zero-Interaction Authentication
TLDR
This paper systematically investigates the performance of different sensor modalities for co-presence detection with respect to a standard Dolev-Yao adversary, and motivates the need for a stronger adversarial model to characterize an attacker who can compromise the integrity of context sensing itself.
Survey and Systematization of Secure Device Pairing
TLDR
A system model and consistent terminology for SDP schemes are built on the foundation of this survey, which are used to classify existing SDP schemes into a taxonomy that enables their meaningful comparison and analysis, and reveal common systemic security weaknesses among the surveyed schemes.
Context-Based Zero-Interaction Pairing and Key Evolution for Advanced Personal Devices
TLDR
This paper introduces a novel robust and inexpensive approach for fingerprinting contexts over time by having the devices compute a fingerprint of their ambient context using information gathered through commonly available sensor modalities like ambient noise and luminosity.
Instant and Robust Authentication and Key Agreement among Mobile Devices
TLDR
This work designs and implements an authentication and key agreement protocol for mobile devices, called The Dancing Signals (TDS), that is extremely fast and error-free, and shows that TDS only takes a couple of seconds to make devices agree on a 256-bit secret key with high entropy.
Do You Feel What I Hear? Enabling Autonomous IoT Device Pairing Using Different Sensor Types
TLDR
A new context-based pairing mechanism called Perceptio that uses time as the common factor across differing sensor types and demonstrates the ability to sufficiently distinguish between legitimate devices placed within the boundary and attacker devices (placed outside) by imposing a threshold on fingerprint similarity.
Drone to the Rescue: Relay-Resilient Authentication using Ambient Multi-sensing
TLDR
This work considers WiFi, Bluetooth, GPS and Audio as different contextual modalities for the purpose of relay-resistant authentication as well as utilizing the contextual information to determine proximity.
The Applicability of Ambient Sensors as Proximity Evidence for NFC Transactions
TLDR
It is concluded that no single evaluated mobile ambient sensor is suitable for proximity detection in NFC-based contactless applications in realistic deployment scenarios and identifies a number of potential avenues that may improve their effectiveness.
Context Aware Computing for The Internet of Things: A Survey
TLDR
This paper surveys context awareness from an IoT perspective and addresses a broad range of techniques, methods, models, functionalities, systems, applications, and middleware solutions related to context awareness and IoT.
Secure Communication Based on Ambient Audio
TLDR
This paper experimentally verified the feasibility of the proposed fuzzy-cryptography protocol in four different realistic settings and a laboratory experiment and applies statistical tests to show that the entropy of fingerprints based on ambient audio is high.
Sound-Proof: Usable Two-Factor Authentication Based on Ambient Sound
TLDR
A usable and deployable two-factor authentication mechanism that can be easily deployed as it works with current phones and major browsers without plugins, and empirical evidence that ambient noise is a robust discriminant to determine the proximity of two devices both indoors and outdoors, and even if the phone is in a pocket or purse is provided.