Search for: All records

Context-based pairing solutions increase the usability of IoT device pairing by eliminating any human involvement in the pairing process. This is possible by utilizing on-board sensors (with same sensing modalities) to capture a common physical context (e.g., ambient sound via each device’s microphone). However, in a smart home scenario, it is impractical to assume that all devices will share a common sensing modality. For example, a motion detector is only equipped with an infrared sensor while Amazon Echo only has microphones. In this paper, we develop a new context-based pairing mechanism called Perceptio that uses time as the common factor across differing sensor types. By focusing on the event timing, rather than the specific event sensor data, Perceptio creates event fingerprints that can be matched across a variety of IoT devices. We propose Perceptio based on the idea that devices co-located within a physically secure boundary (e.g., single family house) can observe more events in common over time, as opposed to devices outside. Devices make use of the observed contextual information to provide entropy for Perceptio’s pairing protocol. We design and implement Perceptio, and evaluate its effectiveness as an autonomous secure pairing solution. Our implementation demonstrates the ability to sufficiently distinguish between legitimate devices (placed within the boundary) and attacker devices (placed outside) by imposing a threshold on fingerprint similarity. Perceptio demonstrates an average fingerprint similarity of 94.9% between legitimate devices while even a hypothetical impossibly well-performing attacker yields only 68.9% between itself and a valid device. 

Despite the advent of numerous Internet-of-Things (IoT) applications, recent research demonstrates potential side-channel vulnerabilities exploiting sensors which are used for event and environment monitoring. In this paper, we propose a new side-channel attack, where a network of distributed non-acoustic sensors can be exploited by an attacker to launch an eavesdropping attack by reconstructing intelligible speech signals. Specifically, we present PitchIn to demonstrate the feasibility of speech reconstruction from non-acoustic sensor data collected offline across networked devices. Unlike speech reconstruction which requires a high sampling frequency (e.g., > 5 KHz), typical applications using non-acoustic sensors do not rely on richly sampled data, presenting a challenge to the speech reconstruction attack. Hence, PitchIn leverages a distributed form of Time Interleaved Analog-Digital-Conversion (TIADC) to approximate a high sampling frequency, while maintaining low per-node sampling frequency. We demonstrate how distributed TI-ADC can be used to achieve intelligibility by processing an interleaved signal composed of different sensors across networked devices. We implement PitchIn and evaluate reconstructed speech signal intelligibility via user studies. PitchIn has word recognition accuracy as high as 79%. Though some additional work is required to improve accuracy, our results suggest that eavesdropping using a fusion of non-acoustic sensors is a real and practical threat. 

Truck platooning is emerging as a promising solution with many economic incentives. However, securely admitting a new vehicle into a platoon is an extremely important yet difficult task. There is no adequate method today for verifying physical arrangements of vehicles within a platoon formation. Specifically, we address the problem of a platoon ghost attack wherein an attacker spoofs presence within a platoon to gain admission and subsequently execute malicious attacks. To address such concerns, we present Convoy, a novel autonomous platoon admission scheme which binds the vehicles' digital certificates to their physical context (i.e., locality). Convoy exploits the findings that vehicles traveling together experience similar context to prove to each other over time that they are co-present. Specifically, they experience similar road (e.g., bumps and cracks) and traffic (e.g., acceleration and steering) conditions. Our approach is based on the ability for vehicles to capture this context, generate fingerprints to establish shared keys, and later bind these symmetric keys to their public keys. We design and implement the Convoy protocol and evaluate it with real-world driving data. Our implementation demonstrates that vehicles traveling in adjacent lanes can be sufficiently distinguished by their context and this can be utilized to thwart platoon ghost attacks and similar misbehavior