iShake: Imitation-Resistant Secure Pairing of Smart Devices via Shaking

In conventional device-to-device (D2D) communication through wireless channels, it is an essential demand to authenticate with each other and establish spontaneous secure connections among the smart devices. In this paper, we propose an imitation-resistant mutual authentication and key generation framework for smart devices, by shaking these devices together. According to the multi-sensor data collected from smart devices, these devices are able to authenticate each other and generate a unique and consistent symmetric key if and only if they are shaken together. We have conducted comprehensive experimental study on shaking various devices, illustrated several novel observations and extracted some important clues for efficient key generation. We propose a series of novel techniques to make the key generation robust to noise and privacy-preserving, and generate highly distinctive and fully randomized symmetric keys among these devices. Realistic experiment results indicate that our solution is able to authenticate with each other and generate the symmetric keys with high accuracy and time-efficiency.

[1]  Zulfiqar Ali Memon,et al.  Biometric authentication technique using smartphone sensor , 2016, 2016 13th International Bhurban Conference on Applied Sciences and Technology (IBCAST).

[2]  Alex X. Liu,et al.  Secure unlocking of mobile touch screen devices by simple gestures: you can see it but you can not do it , 2013, MobiCom.

[3]  M. Huemer,et al.  Synchronizing shaking sequences for generating symmetric keys , 2009, 2009 2nd International Workshop on Nonlinear Dynamics and Synchronization.

[4]  Bernt Schiele,et al.  Smart-Its Friends: A Technique for Users to Easily Establish Connections between Smart Artefacts , 2001, UbiComp.

[5]  Tuomas Aura,et al.  Commitment-based device pairing with synchronized drawing , 2014, 2014 IEEE International Conference on Pervasive Computing and Communications (PerCom).

[6]  René Mayrhofer,et al.  Shake Well Before Use: Authentication Based on Accelerometer Data , 2007, Pervasive.

[7]  Ruby B. Lee,et al.  Multi-sensor authentication to improve smartphone security , 2015, 2015 International Conference on Information Systems Security and Privacy (ICISSP).

[8]  René Mayrhofer,et al.  Shake Well Before Use: Intuitive and Secure Pairing of Mobile Devices , 2009, IEEE Transactions on Mobile Computing.

[9]  Bruno Crispo,et al.  Multimodal smartphone user authentication using touchstroke, phone-movement and face patterns , 2017, 2017 IEEE Global Conference on Signal and Information Processing (GlobalSIP).

[10]  Jie Yang,et al.  Collaborative secret key extraction leveraging Received Signal Strength in mobile wireless networks , 2012, 2012 Proceedings IEEE INFOCOM.

[11]  Guihai Chen,et al.  Extracting secret key from wireless link dynamics in vehicular environments , 2013, 2013 Proceedings IEEE INFOCOM.

[12]  Yang Wang,et al.  Fast and practical secret key extraction by exploiting channel response , 2013, 2013 Proceedings IEEE INFOCOM.

[13]  Guoliang Xue,et al.  Near field authentication for smart devices , 2013, 2013 Proceedings IEEE INFOCOM.

[14]  Patrick A. V. Hall,et al.  Approximate String Matching , 1994, Encyclopedia of Algorithms.

[15]  René Mayrhofer,et al.  The Candidate Key Protocol for Generating Secret Shared Keys from Similar Sensor Data Streams , 2007, ESAS.

[16]  Mario Huemer,et al.  Key Generation Based on Acceleration Data of Shaking Processes , 2007, UbiComp.

[17]  Guoliang Xue,et al.  A lightweight system to authenticate smartphones in the near field without NFC chips , 2013, 2013 IEEE International Conference on Communications (ICC).