skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Attention:

The NSF Public Access Repository (PAR) system and access will be unavailable from 10:00 PM ET on Thursday, February 12 until 1:00 AM ET on Friday, February 13 due to maintenance. We apologize for the inconvenience.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: Bit Whisperer: Improving Access Control over Ad-hoc, Short-range, Wireless Communications via Surface-bound Acoustics
Bluetooth requires device pairing to ensure security in data transmission, encumbering a number of ad-hoc, transactional interactions that require both ease-of-use and "good enough" security: e.g., sharing contact information or secure links to people nearby. We introduce Bit Whisperer, an ad-hoc short-range wireless communication system that enables "walk up and share'" data transmissions with "good enough" security. Bit Whisperer transmits data to proximate devices co-located on a solid surface through high frequency, inaudible acoustic signals. The physical surface has two benefits: it limits communication range since sound travels more robustly on a flat solid surface than air; and, it makes the domain of communication visible, helping users identify exactly with whom they are sharing data without prior pairing. Through a series of technical evaluations, we demonstrate that Bit Whisperer is robust for common use-cases and secure against likely threats. We also implement three example applications to demonstrate the utility of Whisperer: 1-to-1 local contact sharing, 1-to-N private link sharing to open a secure group chat, and 1-to-N local device authentication.  more » « less
Award ID(s):
2029519
PAR ID:
10291653
Author(s) / Creator(s):
; ; ; ; ; ; ; ;
Date Published:
Journal Name:
Proceedings of the 34th ACM User Interface Software and Technology Symposium (UIST)
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; ; ; ; ; ; ; (, UIST '21: The 34th Annual ACM Symposium on User Interface Software and Technology)
    null (Ed.)
    Bluetooth requires device pairing to ensure security in data transmission, encumbering a number of ad-hoc, transactional interactions that require both ease-of-use and “good enough” security: e.g., sharing contact information or secure links to people nearby. We introduce Bit Whisperer, an ad-hoc short-range wireless communication system that enables “walk up and share” data transmissions with “good enough” security. Bit Whisperer transmits data to proximate devices co-located on a solid surface through high frequency, inaudible acoustic signals. The physical surface has two benefits: it enhances acoustic signal transmission by reflecting sound waves as they propagate; and, it makes the domain of communication visible, helping users identify exactly with whom they are sharing data without prior pairing. Through a series of technical evaluations, we demonstrate that Bit Whisperer is robust for common use-cases and secure against likely threats. We also implement three example applications to demonstrate the utility of Whisperer: 1-to-1 local contact sharing, 1-to-N private link sharing to open a secure group chat, and 1-to-N local device authentication. 
    more » « less
  2. ; (, Sensors)
    Secure vehicular communication is a critical factor for secure traffic management. Effective security in intelligent transportation systems (ITS) requires effective and timely intrusion detection systems (IDS). In this paper, we consider false data injection attacks and distributed denial-of-service (DDoS) attacks, especially the stealthy DDoS attacks, targeting integrity and availability, respectively, in vehicular ad-hoc networks (VANET). Novel machine learning techniques for intrusion detection and mitigation based on centralized communications through roadside units (RSU) are proposed for the considered attacks. The performance of the proposed methods is evaluated using a traffic simulator and a real traffic dataset. Comparisons with the state-of-the-art solutions clearly demonstrate the superior detection and localization performance of the proposed methods by 78% in the best case and 27% in the worst case, while achieving the same level of false alarm probability. 
    more » « less
  3. ; (, Proceedings of the International Conference on the Internet of Things (IoT))
    With the rapid growth in the number of IoT devices that have wireless communication capabilities, and sensitive information collection capabilities, it is becoming increasingly necessary to ensure that these devices communicate securely with only authorized devices. A major requirement of this secure communication is to ensure that both the devices share a secret, which can be used for secure pairing and encrypted communication. Manually imparting this secret to these devices becomes an unnecessary overhead, especially when the device interaction is transient. In this paper, we empirically investigate the possibility of using an out-of-band communication channel -- vibration, generated by a custom smart ring, to share a secret with a smart IoT device. This exchanged secret can be used to bootstrap a secure wireless channel over which the devices can communicate. We believe that in future IoT devices can use such a technique to seamlessly connect with authorized devices with minimal user interaction overhead. In this paper, we specifically investigate (a) the feasibility of using vibration generated by a custom wearable for communication, (b) the effect of various parameters on this communication channel, and (c) the possibility of information manipulation by an adversary or information leakage to an adversary. For this investigation, we conducted a controlled study as well as a user study with 12 participants. In the controlled study, we could successfully share messages through vibrations with a bit error rate of less than 2.5%. Additionally, through the user study we demonstrate that it is possible to share messages with various types of objects accurately, quickly and securely as compared to several existing techniques. Overall, we find that in the best case we can exchange 85.9% messages successfully with a smart device. 
    more » « less
  4. ; ; ; ; (, 2019 IEEE Security and Privacy Workshops (SPW) -- SafeThings Workshop)
    Security of Internet of Things (IoT) devices is a well-known concern as these devices come in increasing use in homes and commercial environments. To better understand the extent to which companies take security of the IoT devices seriously and the methods they use to secure them, this paper presents findings from a security analysis of 96 top-selling WiFi IoT devices on Amazon. We found that we could carry out a significant portion of the analysis by first analyzing the code of Android companion apps responsible for controlling the devices. An interesting finding was that these devices used only 32 unique companion apps; we found instances of devices from same as well as different brands sharing the same app, significantly reducing our work. We analyzed the code of these companion apps to understand how they communicated with the devices and the security of that communication. We found security problems to be widespread: 50% of the apps corresponding to 38% of the devices did not use proper encryption techniques; some even used well-known weak ciphers such as Caesar cipher. We also purchased 5 devices and confirmed the vulnerabilities found with exploits. In some cases, we were able to bypass the pairing process and still control the device. Finally, we comment on technical and non-technical lessons learned from the study that have security implications. 
    more » « less
  5. (, IEEE Workshop on the Internet of Safe Things)
    Security of Internet of Things (IoT) devices is a well known concern as these devices come in increasing use in homes and commercial environments. To better understand the extent to which companies take security of the IoT devices seriously and the methods they use to secure them, this paper presents findings from a security analysis of 96 top-selling WiFi IoT devices on Amazon. We found that we could carry out a significant portion of the analysis by first analyzing the code of Android companion apps responsible for controlling the devices. An interesting finding was that these devices used only 32 unique companion apps; we found instances of devices from same as well as different brands sharing the same app, significantly reducing our work. We analyzed the code of these companion apps to understand how they communicated with the devices and the security of that communication. We found security problems to be widespread: 50% of the apps corresponding to 38% of the devices did not use proper encryption techniques; some even used well-known weak ciphers such as Caesar cipher. We also purchased 5 devices and confirmed the vulnerabilities found with exploits. In some cases, we were able to bypass the pairing process and still control the device. Finally, we comment on technical and non-technical lessons learned from the study that have security implications 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Text Encoded Conversion
  • XML
  • Save / Share this Record
  • Send to Email