skip to main content


Title: Do You Feel What I Hear? Enabling Autonomous IoT Device Pairing Using Different Sensor Types
Context-based pairing solutions increase the usability of IoT device pairing by eliminating any human involvement in the pairing process. This is possible by utilizing on-board sensors (with same sensing modalities) to capture a common physical context (e.g., ambient sound via each device’s microphone). However, in a smart home scenario, it is impractical to assume that all devices will share a common sensing modality. For example, a motion detector is only equipped with an infrared sensor while Amazon Echo only has microphones. In this paper, we develop a new context-based pairing mechanism called Perceptio that uses time as the common factor across differing sensor types. By focusing on the event timing, rather than the specific event sensor data, Perceptio creates event fingerprints that can be matched across a variety of IoT devices. We propose Perceptio based on the idea that devices co-located within a physically secure boundary (e.g., single family house) can observe more events in common over time, as opposed to devices outside. Devices make use of the observed contextual information to provide entropy for Perceptio’s pairing protocol. We design and implement Perceptio, and evaluate its effectiveness as an autonomous secure pairing solution. Our implementation demonstrates the ability to sufficiently distinguish between legitimate devices (placed within the boundary) and attacker devices (placed outside) by imposing a threshold on fingerprint similarity. Perceptio demonstrates an average fingerprint similarity of 94.9% between legitimate devices while even a hypothetical impossibly well-performing attacker yields only 68.9% between itself and a valid device.  more » « less
Award ID(s):
1645759
PAR ID:
10082721
Author(s) / Creator(s):
; ; ; ; ; ; ;
Date Published:
Journal Name:
39th IEEE Symposium on Security and Privacy (Oakland 2018)
Page Range / eLocation ID:
836 - 852
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. With the advent of the in-vehicle infotainment (IVI) systems (e.g., Android Automotive) and other portable devices (e.g., smartphones) that may be brought into a vehicle, it becomes crucial to establish a secure channel between the vehicle and an in-vehicle device or between two in-vehicle devices. Traditional pairing schemes are tedious, as they require user interaction (e.g., manually typing in a passcode or bringing the two devices close to each other). Modern vehicles, together with smartphones and many emerging Internet-of-things (IoT) devices (e.g., dashcam) are often equipped with built-in Global Positioning System (GPS) receivers. In this paper, we propose a GPS-based Key estab- lishment technique, called GPSKey, by leveraging the inherent randomness of vehicle movement. Specifically, vehicle movement changes with road ground conditions, traffic situations, and pedal operations. It thus may have rich randomness. Meanwhile, two in- vehicle GPS receivers can observe the same vehicle movement and exploit it for key establishment without requiring user interaction. We implement a prototype of GPSKey on top of off-the-shelf devices. Experimental results show that legitimate devices in the same vehicle require 1.18-minute of driving on average to establish a 128-bit key. Meanwhile, the attacker who follows or leads the victim’s vehicle is unable to infer the key. 
    more » « less
  2. Easily establishing pairing between Internet-of-Things (IoT) devices is important for fast deployment in many smart home scenarios. Traditional pairing methods, including passkey, QR code, and RFID, often require specific user interfaces, surface’s shape/material, or additional tags/readers. The growing number of low-resource IoT devices without an interface may not meet these requirements, which makes their pairing a challenge. On the other hand, these devices often already have sensors embedded for sensing tasks, such as inertial sensors. These sensors can be used for limited user interaction with the devices, but are not suitable for pairing on their own. In this paper, we present UniverSense, an alternative pairing method between low-resource IoT devices with an inertial sensor and a more powerful networked device equipped with a camera. To establish pairing between them, the user moves the low-resource IoT device in front of the camera. Both the camera and the on-device sensors capture the physical motion of the low-resource device. UniverSense converts these signals into a common state-space to generate fingerprints for pairing. We conduct real-world experiments to evaluate UniverSense and it achieves an F1 score of 99.9% in experiments carried out by five participants. 
    more » « less
  3. The increasingly sophisticated at-home screening systems for obstructive sleep apnea (OSA), integrated with both contactless and contact-based sensing modalities, bring convenience and reliability to remote chronic disease management. However, the device pairing processes between system components are vulnerable to wireless exploitation from a noncompliant user wishing to manipulate the test results. This work presents SIENNA, an insider-resistant context-based pairing protocol. SIENNA leverages JADE-ICA to uniquely identify a user’s respiration pattern within a multi-person environment and fuzzy commitment for automatic device pairing, while using friendly jamming technique to prevent an insider with knowledge of respiration patterns from acquiring the pairing key. Our analysis and test results show that SIENNA can achieve reliable (> 90% success rate) device pairing under a noisy environment and is robust against the attacker with full knowledge of the context information. 
    more » « less
  4. The increasingly sophisticated at-home screening systems for obstructive sleep apnea (OSA), integrated with both contactless and contact-based sensing modalities, bring convenience and reliability to remote chronic disease management. However, the device pairing processes between system components are vulnerable to wireless exploitation from a noncompliant user wishing to manipulate the test results. This work presents SIENNA, an insider-resistant context-based pairing protocol. SIENNA leverages JADE-ICA to uniquely identify a user’s respiration pattern within a multi-person environment and fuzzy commitment for automatic device pairing, while using friendly jamming technique to prevent an insider with knowledge of respiration patterns from acquiring the pairing key. Our analysis and test results show that SIENNA can achieve reliable (> 90% success rate) device pairing under a noisy environment and is robust against the attacker with full knowledge of the context information. 
    more » « less
  5. Recent advances in Internet of Things (IoT) technologies have sparked significant interest toward developing learning-based sensing applications on embedded edge devices. These efforts, however, are being challenged by the complexities of adapting to unforeseen conditions in an open-world environment, mainly due to the intensive computational and energy demands exceeding the capabilities of edge devices. In this article, we propose OpenSense, an open-world time-series sensing framework for making inferences from time-series sensor data and achieving incremental learning on an embedded edge device with limited resources. The proposed framework is able to achieve two essential tasks, inference and incremental learning, eliminating the necessity for powerful cloud servers. In addition, to secure enough time for incremental learning and reduce energy consumption, we need to schedule sensing activities without missing any events in the environment. Therefore, we propose two dynamic sensor scheduling techniques: 1) a class-level period assignment scheduler that finds an appropriate sensing period for each inferred class and 2) a Q-learning-based scheduler that dynamically determines the sensing interval for each classification moment by learning the patterns of event classes. With this framework, we discuss the design choices made to ensure satisfactory learning performance and efficient resource usage. Experimental results demonstrate the ability of the system to incrementally adapt to unforeseen conditions and to efficiently schedule to run on a resource-constrained device. 
    more » « less