
Perils of Zero-Interaction Security in the Internet of Things

Published: 29 March 2019

    Abstract

    The Internet of Things (IoT) demands authentication systems which can provide both security and usability. Recent research utilizes the rich sensing capabilities of smart devices to build security schemes operating without human interaction, such as zero-interaction pairing (ZIP) and zero-interaction authentication (ZIA). Prior work proposed a number of ZIP and ZIA schemes and reported promising results. However, those schemes were often evaluated under conditions which do not reflect realistic IoT scenarios. In addition, drawing any comparison among the existing schemes is impossible due to the lack of a common public dataset and unavailability of scheme implementations.
    In this paper, we address these challenges by conducting the first large-scale comparative study of ZIP and ZIA schemes, carried out under realistic conditions. We collect and release the most comprehensive dataset in the domain to date, containing over 4250 hours of audio recordings and 1 billion sensor readings from three different scenarios, and evaluate five state-of-the-art schemes based on these data. Our study reveals that the effectiveness of the existing proposals is highly dependent on the scenario they are used in. In particular, we show that these schemes are subject to error rates between 0.6% and 52.8%.

    Supplementary Material

    fomichev (fomichev.zip)
    Supplemental movie, appendix, image and software files for "Perils of Zero-Interaction Security in the Internet of Things"



      Information

      Published In

      Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies  Volume 3, Issue 1
      March 2019
      786 pages
      EISSN:2474-9567
      DOI:10.1145/3323054
      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      Published: 29 March 2019
      Accepted: 01 January 2019
      Revised: 01 November 2018
      Received: 01 August 2018
      Published in IMWUT Volume 3, Issue 1


      Author Tags

      1. Authentication
      2. Context-based Security
      3. Internet-of-Things
      4. Secure Device Pairing

      Qualifiers

      • Research-article
      • Research
      • Refereed

      Cited By

      • (2024) One-shot Pairing and Authentication Using Moms Secret. Companion Proceedings of the ACM on Web Conference 2024 (770-773). DOI: 10.1145/3589335.3651542. Online publication date: 13-May-2024
      • (2023) Hardening and Speeding Up Zero-interaction Pairing and Authentication. Proceedings of the 2023 International Conference on embedded Wireless Systems and Networks (262-273). DOI: 10.5555/3639940.3639974. Online publication date: 15-Dec-2023
      • (2022) AEROKEY. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 6:1 (1-29). DOI: 10.1145/3517254. Online publication date: 29-Mar-2022
      • (2022) Next2You: Robust Copresence Detection Based on Channel State Information. ACM Transactions on Internet of Things 3:2 (1-31). DOI: 10.1145/3491244. Online publication date: 15-Feb-2022
      • (2022) End-to-End Security for IoT Communications: A Practical Implementation. Emerging Trends in Cybersecurity Applications (21-43). DOI: 10.1007/978-3-031-09640-2_2. Online publication date: 6-Jul-2022
      • (2021) Security Analysis of Out-of-Band Device Pairing Protocols. Wireless Communications & Mobile Computing 2021. DOI: 10.1155/2021/8887472. Online publication date: 1-Jan-2021
      • (2021) Deep Learning Methods for Device Authentication Using RF Fingerprinting. 2021 15th International Conference on Signal Processing and Communication Systems (ICSPCS) (1-7). DOI: 10.1109/ICSPCS53099.2021.9660226. Online publication date: 13-Dec-2021
      • (2021) Short-Range Audio Channels Security: Survey of Mechanisms, Applications, and Research Challenges. IEEE Communications Surveys & Tutorials 23:1 (311-340). DOI: 10.1109/COMST.2020.2969030. Online publication date: Sep-2022
      • (2021) Establishing and validating secured keys for IoT devices: using P3 connection model on a cloud-based architecture. International Journal of Information Security 21:3 (427-436). DOI: 10.1007/s10207-021-00562-7. Online publication date: 28-Aug-2021
      • (2020) SAFER. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 4:3 (1-22). DOI: 10.1145/3414173. Online publication date: 4-Sep-2020
