2018 IEEE Symposium on Security and Privacy (SP) (2018)
San Francisco, CA, US
May 21, 2018 to May 23, 2018
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SP.2018.00041
Jun Han, Carnegie Mellon University
Albert Jin Chung, Carnegie Mellon University
Manal Kumar Sinha, Carnegie Mellon University
Madhumitha Harishankar, Carnegie Mellon University
Shijia Pan, Carnegie Mellon University
Hae Young Noh, Carnegie Mellon University
Pei Zhang, Carnegie Mellon University
Patrick Tague, Carnegie Mellon University
Context-based pairing solutions increase the usability of IoT device pairing by eliminating any human involvement in the pairing process. This is possible by utilizing on-board sensors (with the same sensing modalities) to capture a common physical context (e.g., ambient sound via each device's microphone). However, in a smart home scenario, it is impractical to assume that all devices will share a common sensing modality. For example, a motion detector is only equipped with an infrared sensor while Amazon Echo only has microphones. In this paper, we develop a new context-based pairing mechanism called Perceptio that uses time as the common factor across differing sensor types. By focusing on the event timing, rather than the specific event sensor data, Perceptio creates event fingerprints that can be matched across a variety of IoT devices. We propose Perceptio based on the idea that devices co-located within a physically secure boundary (e.g., single family house) can observe more events in common over time, as opposed to devices outside. Devices make use of the observed contextual information to provide entropy for Perceptio's pairing protocol. We design and implement Perceptio, and evaluate its effectiveness as an autonomous secure pairing solution. Our implementation demonstrates the ability to sufficiently distinguish between legitimate devices (placed within the boundary) and attacker devices (placed outside) by imposing a threshold on fingerprint similarity. Perceptio demonstrates an average fingerprint similarity of 94.9% between legitimate devices while even a hypothetical impossibly well-performing attacker yields only 68.9% between itself and a valid device.
security-of-sensing-systems, context-based-pairing, secure-pairing, IoT-security
J. Han et al., "Do You Feel What I Hear? Enabling Autonomous IoT Device Pairing using Different Sensor Types," 2018 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, US, pp. 678-694.